Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
msvcp110.dll

Overview

General Information

Sample name:msvcp110.dll
Analysis ID:1525239
MD5:acefae89cedadf69124b8b5734d31824
SHA1:1aaaba4f931740b6ff7731d7421f1550a1bf1464
SHA256:c961841e5b16e000e3d063ac0df2a71f5fbdfcaa1d3d29e1e216094ec0e6ab3c
Tags:dlluser-aachum
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6760 cmdline: loaddll32.exe "C:\Users\user\Desktop\msvcp110.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 6788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6908 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 7004 cmdline: rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
        • aspnet_regiis.exe (PID: 7140 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)
    • rundll32.exe (PID: 6960 cmdline: rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameData MD5: 889B99C52A60DD49227C5E485A016679)
      • aspnet_regiis.exe (PID: 7080 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)
    • rundll32.exe (PID: 2736 cmdline: rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",GetGameData MD5: 889B99C52A60DD49227C5E485A016679)
      • aspnet_regiis.exe (PID: 2124 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["snarlypagowo.site", "explorationmsn.stor", "abnomalrkmu.site", "chorusarorp.site", "mysterisop.site", "absorptioniw.site", "soldiefieop.site", "treatynreit.site", "questionsmw.stor"], "Build id": "1AsNN2--7258599327"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:04.776299+020020546531A Network Trojan was detected192.168.2.449732172.67.214.93443TCP
    2024-10-03T23:14:04.786485+020020546531A Network Trojan was detected192.168.2.449733172.67.214.93443TCP
    2024-10-03T23:14:07.222040+020020546531A Network Trojan was detected192.168.2.449735172.67.214.93443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:04.776299+020020498361A Network Trojan was detected192.168.2.449732172.67.214.93443TCP
    2024-10-03T23:14:04.786485+020020498361A Network Trojan was detected192.168.2.449733172.67.214.93443TCP
    2024-10-03T23:14:07.222040+020020498361A Network Trojan was detected192.168.2.449735172.67.214.93443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:00.883838+020020563921Domain Observed Used for C2 Detected192.168.2.4581981.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:00.951611+020020563941Domain Observed Used for C2 Detected192.168.2.4502651.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:00.899084+020020563961Domain Observed Used for C2 Detected192.168.2.4652171.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:00.940419+020020564001Domain Observed Used for C2 Detected192.168.2.4534901.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:00.860110+020020564021Domain Observed Used for C2 Detected192.168.2.4506121.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:00.928971+020020564061Domain Observed Used for C2 Detected192.168.2.4538321.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:00.873082+020020564081Domain Observed Used for C2 Detected192.168.2.4575081.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-03T23:14:00.910551+020020564101Domain Observed Used for C2 Detected192.168.2.4502481.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: 6.2.aspnet_regiis.exe.400000.0.raw.unpackMalware Configuration Extractor: LummaC {"C2 url": ["snarlypagowo.site", "explorationmsn.stor", "abnomalrkmu.site", "chorusarorp.site", "mysterisop.site", "absorptioniw.site", "soldiefieop.site", "treatynreit.site", "questionsmw.stor"], "Build id": "1AsNN2--7258599327"}
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: msvcp110.dllJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: absorptioniw.site
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: mysterisop.site
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: snarlypagowo.site
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: treatynreit.site
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: chorusarorp.site
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: abnomalrkmu.site
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: soldiefieop.site
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: questionsmw.stor
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: explorationmsn.stor
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: Workgroup: -
    Source: 00000008.00000002.1768820875.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: 1AsNN2--7258599327
    Source: msvcp110.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49733 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49732 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49734 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: msvcp110.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 64567875h5_2_00444040
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+08h], ecx5_2_00401000
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp], 00000000h5_2_0041B000
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], dx5_2_004210D0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]5_2_0041508C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+50h], 00000000h5_2_0041508C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h5_2_004480A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]5_2_004300B0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_00429140
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+00000688h]5_2_0041D1D0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h5_2_0041F1D6
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]5_2_0044518B
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+18h], 3602043Ah5_2_0042F1B0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], cx5_2_00427250
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], cx5_2_00427250
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx esi, byte ptr [edx+eax-01h]5_2_0040C210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx edx, word ptr [esp+eax*4+000000ACh]5_2_0040C210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov dword ptr [esp+34h], edx5_2_004012F2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [edx], ax5_2_0042A280
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]5_2_00414294
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0042D295
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]5_2_0042D295
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+20h]5_2_00416319
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433335
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00433335
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then dec ebx5_2_0043F3F0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx ecx, word ptr [edi]5_2_0042A3A8
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+14h]5_2_0042A3A8
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], dx5_2_004214D3
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0042D4D4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]5_2_0042D4D4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], D518DBA1h5_2_0043F4E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], D1A85EEEh5_2_0043F4E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov word ptr [eax], dx5_2_004214EA
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]5_2_00416574
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]5_2_0042C510
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [edi], al5_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+000000D0h]5_2_0041D672
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh5_2_00447630
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp al, 2Eh5_2_0042C6E1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0042C6E1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov ebx, eax5_2_0040A680
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov ebp, eax5_2_0040A680
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]5_2_004416A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+000000D0h]5_2_0041D733
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]5_2_00416866
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+68h]5_2_00447820
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]5_2_0042B830
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then xor eax, eax5_2_0042B830
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp eax5_2_0042A8A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-000000C0h]5_2_0040F917
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esi+08h]5_2_00412920
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esi+00000080h]5_2_00412920
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00412920
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp dword ptr [00451A70h]5_2_0042E927
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx ebx, byte ptr [edx]5_2_0043B9F0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+24h]5_2_0042DA0A
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh5_2_00449A10
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp byte ptr [ebp+ebx+00h], 00000000h5_2_0042DB4B
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]5_2_00404B50
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h5_2_00443B60
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp dword ptr [0045042Ch]5_2_0041FB73
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]5_2_00446BE5
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov esi, ebx5_2_00448BE0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433BFE
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433BFE
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh5_2_00449BA0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+54h]5_2_0041FBB1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h5_2_00420C4C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]5_2_00446C5A
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]5_2_00405C00
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]5_2_0040FC00
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h5_2_00444C90
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 69F07BF2h5_2_00427D03
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h5_2_00449D20
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh5_2_00449D20
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp eax, C0000004h5_2_0041DDFF
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_00443DA0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0042EE40
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then jmp eax5_2_00415E11
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx eax, byte ptr [ebx+edx-06h]5_2_00406E30
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then movzx esi, byte ptr [edx+ebp]5_2_00406E30
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov esi, ebx5_2_00448F50
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp]5_2_0040DFC0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov eax, dword ptr [esp+10h]5_2_0040DFC0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h5_2_00426FF0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433F92
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 4x nop then mov byte ptr [ebx], al5_2_00433F92

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056394 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site) : 192.168.2.4:50265 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056406 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site) : 192.168.2.4:53832 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056408 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site) : 192.168.2.4:57508 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056400 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site) : 192.168.2.4:53490 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site) : 192.168.2.4:65217 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056392 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site) : 192.168.2.4:58198 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056402 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store) : 192.168.2.4:50612 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056410 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site) : 192.168.2.4:50248 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49732 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49735 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49735 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49733 -> 172.67.214.93:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 172.67.214.93:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: snarlypagowo.site
    Source: Malware configuration extractorURLs: explorationmsn.stor
    Source: Malware configuration extractorURLs: abnomalrkmu.site
    Source: Malware configuration extractorURLs: chorusarorp.site
    Source: Malware configuration extractorURLs: mysterisop.site
    Source: Malware configuration extractorURLs: absorptioniw.site
    Source: Malware configuration extractorURLs: soldiefieop.site
    Source: Malware configuration extractorURLs: treatynreit.site
    Source: Malware configuration extractorURLs: questionsmw.stor
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: beearvagueo.site
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: beearvagueo.site
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: beearvagueo.site
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ed.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: explorationmsn.store
    Source: global trafficDNS traffic detected: DNS query: questionsmw.store
    Source: global trafficDNS traffic detected: DNS query: soldiefieop.site
    Source: global trafficDNS traffic detected: DNS query: abnomalrkmu.site
    Source: global trafficDNS traffic detected: DNS query: chorusarorp.site
    Source: global trafficDNS traffic detected: DNS query: treatynreit.site
    Source: global trafficDNS traffic detected: DNS query: snarlypagowo.site
    Source: global trafficDNS traffic detected: DNS query: mysterisop.site
    Source: global trafficDNS traffic detected: DNS query: absorptioniw.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: beearvagueo.site
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: beearvagueo.site
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://absorptioniw.site:443/api
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.s
    Source: aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.co
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.coA)NR
    Source: aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745507556.000000000306D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769039583.000000000308D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.000000000308D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/L
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1745953427.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744687596.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745815444.000000000309C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.000000000309C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/api
    Source: aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/api2
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/apiF
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/apiN
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.000000000309D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.000000000309D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/apib
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/apic
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/apie
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site/d:
    Source: aspnet_regiis.exe, 00000008.00000002.1769039583.000000000308D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.000000000308D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site:443/api
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beearvagueo.site:443/apiiP
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chorusarorp.site:443/api
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akama
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.ste
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steam
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamsA
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzS
    Source: aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzol
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=HLoW
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vW
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgr
    Source: aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.j
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=24Mg
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=24Mgahw2gQy5&l=e
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sa
    Source: aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascriD
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mysterisop.site:443/api
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://snarlypagowo.site:443/api
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.000000000309C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.000000000309C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/E
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.000000000309D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.000000000309D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/i
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/mBI
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: aspnet_regiis.exe, 00000008.00000003.1768436001.000000000309D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.000000000309D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/or
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F22000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F22000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745815444.000000000309C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.000000000309C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745677654.0000000003096000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744479499.0000000003096000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://treatynreit.site:443/api
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20TeV
    Source: aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49733 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49732 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49734 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.67.214.93:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00438660 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,5_2_00438660
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00438660 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,5_2_00438660
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004101A05_2_004101A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00446DCB5_2_00446DCB
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004010005_2_00401000
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004070205_2_00407020
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0041508C5_2_0041508C
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004480A05_2_004480A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004221A05_2_004221A0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004442405_2_00444240
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040B2705_2_0040B270
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040C2105_2_0040C210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004382105_2_00438210
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004432E05_2_004432E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004012F25_2_004012F2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042D2955_2_0042D295
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040937E5_2_0040937E
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004053205_2_00405320
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004073D05_2_004073D0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040138D5_2_0040138D
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042A3A85_2_0042A3A8
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004284725_2_00428472
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042D4D45_2_0042D4D4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042C5105_2_0042C510
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004365E05_2_004365E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004015895_2_00401589
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004305905_2_00430590
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004316705_2_00431670
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042C6E15_2_0042C6E1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004486E05_2_004486E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040A6805_2_0040A680
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040B7005_2_0040B700
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004037805_2_00403780
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_004368205_2_00436820
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042B8305_2_0042B830
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0043F8E05_2_0043F8E0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042E9275_2_0042E927
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0042DB4B5_2_0042DB4B
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00411B505_2_00411B50
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040ABD05_2_0040ABD0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00448BE05_2_00448BE0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00447BE05_2_00447BE0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0043EC605_2_0043EC60
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00407DD05_2_00407DD0
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0041DDFF5_2_0041DDFF
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0040CF105_2_0040CF10
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 0040EBD0 appears 171 times
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 0040CCF0 appears 51 times
    Source: msvcp110.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
    Source: classification engineClassification label: mal100.troj.evad.winDLL@16/0@11/2
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00437557 CoCreateInstance,5_2_00437557
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6788:120:WilError_03
    Source: msvcp110.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameData
    Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\msvcp110.dll"
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameData
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",GetGameData
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1Jump to behavior
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameDataJump to behavior
    Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",GetGameDataJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\System32\loaddll32.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\loaddll32.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: webio.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: webio.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: webio.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeSection loaded: dpapi.dllJump to behavior
    Source: msvcp110.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
    Source: msvcp110.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0044D20E push esp; ret 5_2_0044D20F
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_0044ED93 push edx; ret 5_2_0044ED9B
    Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe TID: 7152Thread sleep time: -60000s >= -30000sJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe TID: 7164Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe TID: 6164Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe TID: 1104Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 120000Jump to behavior
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F42000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F42000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW;
    Source: aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F42000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F42000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745507556.000000000306D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769039583.000000000308D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.000000000308D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: aspnet_regiis.exe, 00000005.00000002.1745953427.0000000002EFC000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744687596.0000000002EFC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWhm
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 5_2_00446170 LdrInitializeThunk,5_2_00446170

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Allocates memory in foreign processes
    Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 protect: page execute and read and writeJump to behavior
    Injects a PE file into a foreign processes
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000 value starts with: 4D5AJump to behavior
    LummaC encrypted strings found
    Source: aspnet_regiis.exeString found in binary or memory: chorusarorp.site
    Source: aspnet_regiis.exeString found in binary or memory: abnomalrkmu.site
    Source: aspnet_regiis.exeString found in binary or memory: soldiefieop.site
    Source: aspnet_regiis.exeString found in binary or memory: questionsmw.stor
    Source: aspnet_regiis.exeString found in binary or memory: explorationmsn.stor
    Source: aspnet_regiis.exeString found in binary or memory: absorptioniw.site
    Source: aspnet_regiis.exeString found in binary or memory: mysterisop.site
    Source: aspnet_regiis.exeString found in binary or memory: snarlypagowo.site
    Source: aspnet_regiis.exeString found in binary or memory: treatynreit.site
    Writes to foreign memory regions
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 401000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44B000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 45E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2B42008Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 401000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44B000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 45E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2C18008Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 400000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 401000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44B000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 44E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 45E000Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 2CF8008Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    PowerShell    		1
    DLL Side-Loading    		311
    Process Injection    		11
    Virtualization/Sandbox Evasion    		OS Credential Dumping1
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    DLL Side-Loading    		311
    Process Injection    		LSASS Memory11
    Virtualization/Sandbox Evasion    		Remote Desktop Protocol2
    Clipboard Data    		1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    System Information Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
    Obfuscated Files or Information    		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Rundll32    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1525239 Sample: msvcp110.dll Startdate: 03/10/2024 Architecture: WINDOWS Score: 100 30 treatynreit.site 2->30 32 soldiefieop.site 2->32 34 9 other IPs or domains 2->34 40 Suricata IDS alerts for network traffic 2->40 42 Found malware configuration 2->42 44 Antivirus detection for URL or domain 2->44 46 6 other signatures 2->46 9 loaddll32.exe 1 2->9         started        signatures3 process4 process5 11 cmd.exe 1 9->11         started        13 rundll32.exe 9->13         started        16 rundll32.exe 9->16         started        18 conhost.exe 9->18         started        signatures6 20 rundll32.exe 11->20         started        54 Writes to foreign memory regions 13->54 56 Allocates memory in foreign processes 13->56 58 Injects a PE file into a foreign processes 13->58 23 aspnet_regiis.exe 13->23         started        25 aspnet_regiis.exe 16->25         started        process7 signatures8 48 Writes to foreign memory regions 20->48 50 Allocates memory in foreign processes 20->50 52 Injects a PE file into a foreign processes 20->52 27 aspnet_regiis.exe 20->27         started        process9 dnsIp10 36 beearvagueo.site 172.67.214.93, 443, 49732, 49733 CLOUDFLARENETUS United States 27->36 38 steamcommunity.com 104.102.49.254, 443, 49730, 49731 AKAMAI-ASUS United States 27->38

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    msvcp110.dll100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		unknown
      beearvagueo.site
      		172.67.214.93
      		truetrue
        		unknown
        chorusarorp.site
        		unknown
        		unknowntrue
          		unknown
          treatynreit.site
          		unknown
          		unknowntrue
            		unknown
            snarlypagowo.site
            		unknown
            		unknowntrue
              		unknown
              questionsmw.store
              		unknown
              		unknownfalse
                		unknown
                mysterisop.site
                		unknown
                		unknowntrue
                  		unknown
                  absorptioniw.site
                  		unknown
                  		unknowntrue
                    		unknown
                    abnomalrkmu.site
                    		unknown
                    		unknowntrue
                      		unknown
                      soldiefieop.site
                      		unknown
                      		unknowntrue
                        		unknown
                        explorationmsn.store
                        		unknown
                        		unknownfalse
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          abnomalrkmu.sitetrue
                            		unknown
                            absorptioniw.sitetrue
                              		unknown
                              treatynreit.sitetrue
                                		unknown
                                https://steamcommunity.com/profiles/76561199724331900true
                                • URL Reputation: malware
                                		unknown
                                questionsmw.stortrue
                                  		unknown
                                  snarlypagowo.sitetrue
                                    		unknown
                                    chorusarorp.sitetrue
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://player.vimeo.comaspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://steamcommunity.com/?subsection=broadcastsaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://community.akamai.steamstatic.com/public/shared/css/motiva_saaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=24Mgaspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://store.steampowered.com/subscriber_agreement/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://www.gstatic.cn/recaptcha/aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://community.akamai.steaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.valvesoftware.com/legal.htmaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.youtube.comaspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWaspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://www.google.comaspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://mysterisop.site:443/apiaspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://community.akamai.steamstatic.com/public/shared/javascriDaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=2ZRoxzolaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLaspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://s.ytimg.com;aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://treatynreit.site:443/apiaspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://steam.tv/aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://avatars.akamai.steamstatic.coA)NRaspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://steamcommunity.com/oraspnet_regiis.exe, 00000008.00000003.1768436001.000000000309D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.000000000309D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=englishaspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://community.akamai.steamsAaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://steamcommunity.com:443/profiles/76561199724331900aspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://beearvagueo.site/api2aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://steamcommunity.com/iaspnet_regiis.exe, 00000008.00000003.1768436001.000000000309D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.000000000309D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://store.steampowered.com/points/shop/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://sketchfab.comaspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://lv.queniujq.cnaspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://steamcommunity.com/profiles/76561199724331900/inventory/aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745677654.0000000003096000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744479499.0000000003096000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmptrue
                                                                              • URL Reputation: malware
                                                                              		unknown
                                                                              https://www.youtube.com/aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&aaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgaspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://absorptioniw.site:443/apiaspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=enaspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://avatars.akamai.saspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.jaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://beearvagueo.site/Laspnet_regiis.exe, 00000008.00000003.1768436001.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://community.akamai.steamstaticaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgraspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://www.google.com/recaptcha/aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://checkout.steampowered.com/aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=englishaspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://beearvagueo.site/d:aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=englishaspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://beearvagueo.site/aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000002.1745507556.000000000306D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769039583.000000000308D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.000000000308D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://www.valvesoftware.com/en/contact?contact-person=Translation%20TeVaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://chorusarorp.site:443/apiaspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englisaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCaspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              https://store.steampowered.com/;aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              https://store.steampowered.com/about/aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              https://steamcommunity.com/my/wishlist/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=englishaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://help.steampowered.com/en/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                https://steamcommunity.com/market/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://store.steampowered.com/news/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://community.akamai.steamstatic.com/aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=24Mgahw2gQy5&l=easpnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=HLoWaspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://store.steampowered.com/subscriber_agreement/aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://recaptcha.net/recaptcha/;aspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://beearvagueo.site/apieaspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=enaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://beearvagueo.site/apicaspnet_regiis.exe, 00000008.00000003.1768436001.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.00000000030D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            https://steamcommunity.com/discussions/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://beearvagueo.site/apibaspnet_regiis.exe, 00000008.00000003.1768436001.000000000309D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.000000000309D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://beearvagueo.site:443/apiiPaspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://store.steampowered.com/stats/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  https://beearvagueo.site/apiNaspnet_regiis.exe, 00000005.00000003.1744296630.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000002.1746161653.0000000002F56000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://medal.tvaspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    		unknown
                                                                                                                                    https://broadcast.st.dl.eccdnx.comaspnet_regiis.exe, 00000006.00000002.1745815444.00000000030B8000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.00000000030B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    		unknown
                                                                                                                                    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1aspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744302028.000000000310C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.0000000003098000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    		unknown
                                                                                                                                    https://store.steampowered.com/steam_refunds/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    		unknown
                                                                                                                                    https://steamcommunity.com/Easpnet_regiis.exe, 00000006.00000002.1745815444.000000000309C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1744365537.000000000309C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://community.akamaaspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://beearvagueo.site:443/apiaspnet_regiis.exe, 00000008.00000002.1769039583.000000000308D000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.000000000308D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSaspnet_regiis.exe, 00000005.00000002.1746839338.0000000002F94000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              https://steamcommunity.com/workshop/aspnet_regiis.exe, 00000005.00000003.1744655704.0000000002F8C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000005.00000003.1744262020.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1743938920.0000000003104000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000006.00000003.1730675562.00000000030FB000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768436001.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000002.1769094222.0000000003108000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000008.00000003.1768392982.0000000003123000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown

                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                Public IPs

                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                104.102.49.254
                                                                                                                                                		steamcommunity.comUnited States
                                                                                                                                                		16625AKAMAI-ASUSfalse
                                                                                                                                                172.67.214.93
                                                                                                                                                		beearvagueo.siteUnited States
                                                                                                                                                		13335CLOUDFLARENETUStrue

                                                                                                                                                General Information

                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                Analysis ID:1525239
                                                                                                                                                Start date and time:2024-10-03 23:13:05 +02:00
                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                Overall analysis duration:0h 2m 56s
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:full
                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                Number of analysed new started processes analysed:9
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                Technologies:
                                                                                                                                                • HCA enabled
                                                                                                                                                • EGA enabled
                                                                                                                                                • AMSI enabled
                                                                                                                                                Analysis Mode:default
                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                Sample name:msvcp110.dll
                                                                                                                                                Detection:MAL
                                                                                                                                                Classification:mal100.troj.evad.winDLL@16/0@11/2
                                                                                                                                                EGA Information:
                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                HCA Information:
                                                                                                                                                • Successful, ratio: 89%
                                                                                                                                                • Number of executed functions: 9
                                                                                                                                                • Number of non-executed functions: 100
                                                                                                                                                Cookbook Comments:
                                                                                                                                                • Found application associated with file extension: .dll
                                                                                                                                                • Stop behavior analysis, all processes terminated

                                                                                                                                                Warnings

                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                • VT rate limit hit for: msvcp110.dll

                                                                                                                                                Simulations

                                                                                                                                                Behavior and APIs

                                                                                                                                                TimeTypeDescription
                                                                                                                                                17:14:00API Interceptor7x Sleep call for process: aspnet_regiis.exe modified
                                                                                                                                                17:14:03API Interceptor1x Sleep call for process: loaddll32.exe modified

                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                IPs

                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                • www.valvesoftware.com/legal.htm
                                                                                                                                                172.67.214.93http://tebakbola.infoGet hashmaliciousHTMLPhisherBrowse

                                                                                                                                                  Domains

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  steamcommunity.comcarrier_ratecon.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 23.192.247.89
                                                                                                                                                  c84f2f8df965727bcdcc4de6beecf70c960ef7c885e77.dllGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  0a839761915d.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  Activator by URKE v2.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  RD4ttmm3bO.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  v4yke52Xwu.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254

                                                                                                                                                  ASNs

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  CLOUDFLARENETUShttps://www.google.se/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s/link.mail.beehiiv.com/ss/c/u001.mtSAz3_WgZe6oQdiJX3I5Wky17Shk-m8xsMoltULMS3mzuBnL-QM9pVTUTxyWc1WyOovmb3Tk3NbIL2d2EAiLnALFxIwpw4Ea5BJnfNlGtrBBU_09OdOyxWIoH5OGk5krozZGyDG04GwV1A1i62V7ZHAsHD2HuXxLRbuTLwJ7nne5OoBikrWbP09wdmrU0Ux1PwQTxWW-4WqOLqDM-eOzn5OS5dc9AC-zsZGTpLU68lyIxLrcGUjprs01qDo_AF9kArbtDnZS59rgsqwPhVy55PUqH74R1QD9RQNSwa0QLjmNb6xFyDx4TkQQ9pmK-Sq/4a7/BVRt3igITgKfI8bq35Ml_w/h53/h001.yn5JRYzfVDjfbL0RFC-jVPp1XHK_GYk_K4Zr7dwWM3MGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 104.18.68.40
                                                                                                                                                  Document-20-18-07.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                  • 188.114.97.3
                                                                                                                                                  COVID-19.pdfGet hashmaliciousPDFPhishBrowse
                                                                                                                                                  • 162.159.61.3
                                                                                                                                                  ORA _ Morningstar DBRS.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 104.18.86.42
                                                                                                                                                  carrier_ratecon.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 188.114.96.3
                                                                                                                                                  https://www.ccjm.org/highwire_log/share/mendeley?link=https://onpro.infoGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 104.18.39.115
                                                                                                                                                  das.msiGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                  • 188.114.97.3
                                                                                                                                                  vierm_soft_x64.dll.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                  • 188.114.96.3
                                                                                                                                                  Document-18-33-08.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                  • 188.114.96.3
                                                                                                                                                  tMREqVW0.exeGet hashmaliciousXWormBrowse
                                                                                                                                                  • 104.20.3.235
                                                                                                                                                  AKAMAI-ASUSteracopy.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 184.28.90.27
                                                                                                                                                  COVID-19.pdfGet hashmaliciousPDFPhishBrowse
                                                                                                                                                  • 23.217.172.185
                                                                                                                                                  carrier_ratecon.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 23.192.247.89
                                                                                                                                                  c84f2f8df965727bcdcc4de6beecf70c960ef7c885e77.dllGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.201.253.231
                                                                                                                                                  0a839761915d.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  Activator by URKE v2.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  phish_alert_sp2_2.0.0.0.emlGet hashmaliciousPhisherBrowse
                                                                                                                                                  • 184.28.90.27
                                                                                                                                                  http://arcor.cfdGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 104.78.188.188

                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  a0e9f5d64349fb13191bc781f81f42e1Document-20-18-07.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93
                                                                                                                                                  carrier_ratecon.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93
                                                                                                                                                  das.msiGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93
                                                                                                                                                  vierm_soft_x64.dll.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93
                                                                                                                                                  Document-18-33-08.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93
                                                                                                                                                  c84f2f8df965727bcdcc4de6beecf70c960ef7c885e77.dllGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93
                                                                                                                                                  0a839761915d.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93
                                                                                                                                                  sqlite.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93
                                                                                                                                                  Activator by URKE v2.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93
                                                                                                                                                  file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                  • 104.102.49.254
                                                                                                                                                  • 172.67.214.93

                                                                                                                                                  Dropped Files

                                                                                                                                                  No context

                                                                                                                                                  Created / dropped Files

                                                                                                                                                  No created / dropped files found

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Entropy (8bit):7.096338130873302
                                                                                                                                                  TrID:
                                                                                                                                                  • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                                                                  • DOS Executable Generic (2002/1) 0.20%
                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                  File name:msvcp110.dll
                                                                                                                                                  File size:592'896 bytes
                                                                                                                                                  MD5:acefae89cedadf69124b8b5734d31824
                                                                                                                                                  SHA1:1aaaba4f931740b6ff7731d7421f1550a1bf1464
                                                                                                                                                  SHA256:c961841e5b16e000e3d063ac0df2a71f5fbdfcaa1d3d29e1e216094ec0e6ab3c
                                                                                                                                                  SHA512:c7f922cd78a8c1c9b06c884415619e547c081eb51603bc4f1e69ae91b977c247ba4822df7e1fa78e70344af0fadba3637c59bf1cf2059b8eaf3917e2b63831e4
                                                                                                                                                  SSDEEP:6144:EbU2u9ytJdpnyFs9aH/zVj4MNM3rBAFX7N1z/gPX7h//7cu58lBtwGRPuRo1hPyo:Eu9ytZnP9aW0MbSVYPXJ7xud0RoZB
                                                                                                                                                  TLSH:ABC46CC47EE5CBA5F96DCA727C344787BD3E46302A48CD8F1D1AC8056E2A8E62413767
                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................S....................s...............4.......4.......4...............4.......4......Rich...........

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:7ae282899bbab082

                                                                                                                                                  Static PE Info

                                                                                                                                                  General

                                                                                                                                                  Entrypoint:0x100230f4
                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                  Digitally signed:false
                                                                                                                                                  Imagebase:0x10000000
                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                  Time Stamp:0x66FEC4DD [Thu Oct 3 16:22:53 2024 UTC]
                                                                                                                                                  TLS Callbacks:
                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                  OS Version Major:6
                                                                                                                                                  OS Version Minor:0
                                                                                                                                                  File Version Major:6
                                                                                                                                                  File Version Minor:0
                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                  Import Hash:e508a746a3946beda3b79173e8298687

                                                                                                                                                  Entrypoint Preview

                                                                                                                                                  Instruction
                                                                                                                                                  push ebp
                                                                                                                                                  mov ebp, esp
                                                                                                                                                  cmp dword ptr [ebp+0Ch], 01h
                                                                                                                                                  jne 00007F2438803C57h
                                                                                                                                                  call 00007F2438803E2Bh
                                                                                                                                                  push dword ptr [ebp+10h]
                                                                                                                                                  push dword ptr [ebp+0Ch]
                                                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                                                  call 00007F2438803B03h
                                                                                                                                                  add esp, 0Ch
                                                                                                                                                  pop ebp
                                                                                                                                                  retn 000Ch
                                                                                                                                                  push ebp
                                                                                                                                                  mov ebp, esp
                                                                                                                                                  push 00000000h
                                                                                                                                                  call dword ptr [10031058h]
                                                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                                                  call dword ptr [10031054h]
                                                                                                                                                  push C0000409h
                                                                                                                                                  call dword ptr [10031008h]
                                                                                                                                                  push eax
                                                                                                                                                  call dword ptr [1003105Ch]
                                                                                                                                                  pop ebp
                                                                                                                                                  ret
                                                                                                                                                  push ebp
                                                                                                                                                  mov ebp, esp
                                                                                                                                                  sub esp, 00000324h
                                                                                                                                                  push 00000017h
                                                                                                                                                  call dword ptr [10031060h]
                                                                                                                                                  test eax, eax
                                                                                                                                                  je 00007F2438803C57h
                                                                                                                                                  push 00000002h
                                                                                                                                                  pop ecx
                                                                                                                                                  int 29h
                                                                                                                                                  mov dword ptr [10090AA0h], eax
                                                                                                                                                  mov dword ptr [10090A9Ch], ecx
                                                                                                                                                  mov dword ptr [10090A98h], edx
                                                                                                                                                  mov dword ptr [10090A94h], ebx
                                                                                                                                                  mov dword ptr [10090A90h], esi
                                                                                                                                                  mov dword ptr [10090A8Ch], edi
                                                                                                                                                  mov word ptr [10090AB8h], ss
                                                                                                                                                  mov word ptr [10090AACh], cs
                                                                                                                                                  mov word ptr [10090A88h], ds
                                                                                                                                                  mov word ptr [10090A84h], es
                                                                                                                                                  mov word ptr [10090A80h], fs
                                                                                                                                                  mov word ptr [10090A7Ch], gs
                                                                                                                                                  pushfd
                                                                                                                                                  pop dword ptr [10090AB0h]
                                                                                                                                                  mov eax, dword ptr [ebp+00h]
                                                                                                                                                  mov dword ptr [10090AA4h], eax
                                                                                                                                                  mov eax, dword ptr [ebp+04h]
                                                                                                                                                  mov dword ptr [00090AA8h], eax

                                                                                                                                                  Rich Headers

                                                                                                                                                  Programming Language:
                                                                                                                                                  • [IMP] VS2005 build 50727

                                                                                                                                                  Data Directories

                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x373900x78.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x374080x3c.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x920000x1c38.reloc
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x367400x1c.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x366800x40.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x310000x150.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                  Sections

                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                  .text0x10000x2f2830x2f40012c14864e49b51aebab8deba3fd779b8False0.42121879133597884data6.6542134731151545IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                  .rdata0x310000x6ba60x6c002d67a8bba35ae9daa7e0f9f29021124aFalse0.44209346064814814data5.066799564694865IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                  .data0x380000x596000x58a00df432c4d107b146b15cd12b2993562c1False0.4759289051480959data6.666010476939313IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                  .reloc0x920000x1c380x1e006f49c8b5e18e25c8ab81e75252eb4593False0.750390625data6.493575582335176IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                  Imports

                                                                                                                                                  DLLImport
                                                                                                                                                  USER32.dllShowWindow
                                                                                                                                                  KERNEL32.dllEncodePointer, WriteConsoleW, GetCurrentProcess, GetModuleHandleA, K32GetModuleInformation, GetModuleFileNameA, CreateFileA, CreateFileMappingA, CloseHandle, MapViewOfFile, VirtualProtect, GetModuleHandleW, GetConsoleWindow, VirtualAlloc, CreateProcessW, GetThreadContext, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, SetThreadContext, ResumeThread, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, CreateFileW, RaiseException, InterlockedFlushSList, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, DecodePointer, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, GetProcessHeap, GetStdHandle, GetFileType, GetStringTypeW, HeapSize, HeapReAlloc, SetStdHandle, FlushFileBuffers, WriteFile, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx

                                                                                                                                                  Exports

                                                                                                                                                  NameOrdinalAddress
                                                                                                                                                  GetGameData10x100106e0

                                                                                                                                                  Network Behavior

                                                                                                                                                  Suricata IDS Alerts

                                                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                  2024-10-03T23:14:00.860110+02002056402ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store)1192.168.2.4506121.1.1.153UDP
                                                                                                                                                  2024-10-03T23:14:00.873082+02002056408ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site)1192.168.2.4575081.1.1.153UDP
                                                                                                                                                  2024-10-03T23:14:00.883838+02002056392ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site)1192.168.2.4581981.1.1.153UDP
                                                                                                                                                  2024-10-03T23:14:00.899084+02002056396ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site)1192.168.2.4652171.1.1.153UDP
                                                                                                                                                  2024-10-03T23:14:00.910551+02002056410ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site)1192.168.2.4502481.1.1.153UDP
                                                                                                                                                  2024-10-03T23:14:00.928971+02002056406ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site)1192.168.2.4538321.1.1.153UDP
                                                                                                                                                  2024-10-03T23:14:00.940419+02002056400ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site)1192.168.2.4534901.1.1.153UDP
                                                                                                                                                  2024-10-03T23:14:00.951611+02002056394ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site)1192.168.2.4502651.1.1.153UDP
                                                                                                                                                  2024-10-03T23:14:04.776299+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449732172.67.214.93443TCP
                                                                                                                                                  2024-10-03T23:14:04.776299+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449732172.67.214.93443TCP
                                                                                                                                                  2024-10-03T23:14:04.786485+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449733172.67.214.93443TCP
                                                                                                                                                  2024-10-03T23:14:04.786485+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449733172.67.214.93443TCP
                                                                                                                                                  2024-10-03T23:14:07.222040+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449735172.67.214.93443TCP
                                                                                                                                                  2024-10-03T23:14:07.222040+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449735172.67.214.93443TCP

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  TCP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Oct 3, 2024 23:14:00.987202883 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:00.987288952 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.987504005 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:00.993371010 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:00.993458986 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.993709087 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:00.996989012 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:00.997068882 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.997117043 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:00.997194052 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:02.567922115 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:02.567929029 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:02.568162918 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:02.568268061 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:02.619668007 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:02.690821886 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:02.690906048 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:02.691375017 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:02.697072029 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:02.697127104 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:02.698288918 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:02.744611979 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:02.744645119 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:02.913192987 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:02.944588900 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:02.959500074 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:02.991489887 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.318358898 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.318424940 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.318434000 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.318542957 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.318576097 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.318937063 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.319010019 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.319474936 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.422089100 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.422153950 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.422422886 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.422492981 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.422808886 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.427412987 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.427623987 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.427710056 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.427710056 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.436234951 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.436300993 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.436321974 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.436394930 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.436441898 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.436464071 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.436489105 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.436568975 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.436568975 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.436568975 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.439099073 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.448924065 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.448924065 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.448996067 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.449033976 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.480202913 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:03.480293036 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.480742931 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:03.480855942 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:03.480885983 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.539108992 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.539174080 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.539275885 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.539275885 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.539340973 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.539403915 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.544478893 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.544639111 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.544699907 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.544742107 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.544774055 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.544809103 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.545221090 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.545221090 CEST49731443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.545289040 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.545324087 CEST44349731104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.548294067 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:03.548343897 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.548605919 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:03.548814058 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:03.548845053 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.803921938 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.804003954 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.804085970 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.805704117 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:03.805738926 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.082155943 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.082519054 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.083426952 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.083653927 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.084556103 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.084609985 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.085027933 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.086577892 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.086606026 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.087142944 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.087966919 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.088011026 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.088069916 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.089474916 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.089509964 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.089669943 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.710589886 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.710810900 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:04.711992025 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:04.712013006 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.712935925 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.760061026 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:04.775054932 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:04.776429892 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.776667118 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.776747942 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.776829004 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.776829958 CEST49732443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.776869059 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.776896954 CEST44349732172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.786509991 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.786686897 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.786863089 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.808706045 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.808706045 CEST49733443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:04.808777094 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.808814049 CEST44349733172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:04.819407940 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.214128017 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.214196920 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.214243889 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.214248896 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.214271069 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.214298964 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.214298964 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.214344025 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.214370012 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.214401960 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.214401960 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.214427948 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.322155952 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.322206974 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.322268009 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.322297096 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.322330952 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.322349072 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.327065945 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.327153921 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.327167034 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.327224970 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.327234983 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.327287912 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.327346087 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.330589056 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.330624104 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.330648899 CEST49734443192.168.2.4104.102.49.254
                                                                                                                                                  Oct 3, 2024 23:14:05.330662966 CEST44349734104.102.49.254192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.343756914 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:05.343847036 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.343961000 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:05.348042011 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:05.348076105 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.837347031 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.837538958 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:05.839905977 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:05.839936018 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.840446949 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:05.841682911 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:05.841725111 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:05.841835022 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:07.222119093 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:07.222358942 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:07.222457886 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:07.222552061 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:07.222552061 CEST49735443192.168.2.4172.67.214.93
                                                                                                                                                  Oct 3, 2024 23:14:07.222615957 CEST44349735172.67.214.93192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:07.222645998 CEST44349735172.67.214.93192.168.2.4

                                                                                                                                                  UDP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Oct 3, 2024 23:14:00.843691111 CEST5504253192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.854820013 CEST53550421.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.860110044 CEST5061253192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.868911028 CEST53506121.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.873081923 CEST5750853192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.881633997 CEST53575081.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.883837938 CEST5819853192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.896872044 CEST53581981.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.899084091 CEST6521753192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.908797979 CEST53652171.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.910551071 CEST5024853192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.926990032 CEST53502481.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.928971052 CEST5383253192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.938348055 CEST53538321.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.940418959 CEST5349053192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.949969053 CEST53534901.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.951611042 CEST5026553192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.960760117 CEST53502651.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:00.962630987 CEST6221753192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:00.980752945 CEST53622171.1.1.1192.168.2.4
                                                                                                                                                  Oct 3, 2024 23:14:03.459517002 CEST6393553192.168.2.41.1.1.1
                                                                                                                                                  Oct 3, 2024 23:14:03.479254961 CEST53639351.1.1.1192.168.2.4

                                                                                                                                                  DNS Queries

                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                  Oct 3, 2024 23:14:00.843691111 CEST192.168.2.41.1.1.10x5b2cStandard query (0)explorationmsn.storeA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.860110044 CEST192.168.2.41.1.1.10xd61aStandard query (0)questionsmw.storeA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.873081923 CEST192.168.2.41.1.1.10xb539Standard query (0)soldiefieop.siteA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.883837938 CEST192.168.2.41.1.1.10x8d31Standard query (0)abnomalrkmu.siteA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.899084091 CEST192.168.2.41.1.1.10x347eStandard query (0)chorusarorp.siteA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.910551071 CEST192.168.2.41.1.1.10xbf84Standard query (0)treatynreit.siteA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.928971052 CEST192.168.2.41.1.1.10xda6Standard query (0)snarlypagowo.siteA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.940418959 CEST192.168.2.41.1.1.10xf29fStandard query (0)mysterisop.siteA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.951611042 CEST192.168.2.41.1.1.10xfdffStandard query (0)absorptioniw.siteA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.962630987 CEST192.168.2.41.1.1.10xdd74Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:03.459517002 CEST192.168.2.41.1.1.10x2f16Standard query (0)beearvagueo.siteA (IP address)IN (0x0001)false

                                                                                                                                                  DNS Answers

                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                  Oct 3, 2024 23:14:00.854820013 CEST1.1.1.1192.168.2.40x5b2cName error (3)explorationmsn.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.868911028 CEST1.1.1.1192.168.2.40xd61aName error (3)questionsmw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.881633997 CEST1.1.1.1192.168.2.40xb539Name error (3)soldiefieop.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.896872044 CEST1.1.1.1192.168.2.40x8d31Name error (3)abnomalrkmu.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.908797979 CEST1.1.1.1192.168.2.40x347eName error (3)chorusarorp.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.926990032 CEST1.1.1.1192.168.2.40xbf84Name error (3)treatynreit.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.938348055 CEST1.1.1.1192.168.2.40xda6Name error (3)snarlypagowo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.949969053 CEST1.1.1.1192.168.2.40xf29fName error (3)mysterisop.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.960760117 CEST1.1.1.1192.168.2.40xfdffName error (3)absorptioniw.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:00.980752945 CEST1.1.1.1192.168.2.40xdd74No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:03.479254961 CEST1.1.1.1192.168.2.40x2f16No error (0)beearvagueo.site172.67.214.93A (IP address)IN (0x0001)false
                                                                                                                                                  Oct 3, 2024 23:14:03.479254961 CEST1.1.1.1192.168.2.40x2f16No error (0)beearvagueo.site104.21.93.202A (IP address)IN (0x0001)false

                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                  • steamcommunity.com
                                                                                                                                                  • beearvagueo.site

                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  0192.168.2.449730104.102.49.2544437140C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-10-03 21:14:02 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Host: steamcommunity.com
                                                                                                                                                  2024-10-03 21:14:03 UTC1870INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Date: Thu, 03 Oct 2024 21:14:03 GMT
                                                                                                                                                  Content-Length: 34832
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: sessionid=f802a489fba9dbcd5a9f1385; Path=/; Secure; SameSite=None
                                                                                                                                                  Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                  2024-10-03 21:14:03 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                  Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                  2024-10-03 21:14:03 UTC16384INData Raw: 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c
                                                                                                                                                  Data Ascii: ript type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global
                                                                                                                                                  2024-10-03 21:14:03 UTC3768INData Raw: 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e
                                                                                                                                                  Data Ascii: div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { In
                                                                                                                                                  2024-10-03 21:14:03 UTC166INData Raw: 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                                  Data Ascii: n>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  1192.168.2.449731104.102.49.2544437080C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-10-03 21:14:02 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Host: steamcommunity.com
                                                                                                                                                  2024-10-03 21:14:03 UTC1870INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Date: Thu, 03 Oct 2024 21:14:03 GMT
                                                                                                                                                  Content-Length: 34832
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: sessionid=c7a247e5184889e55cd1cafc; Path=/; Secure; SameSite=None
                                                                                                                                                  Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                  2024-10-03 21:14:03 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                  Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                  2024-10-03 21:14:03 UTC16384INData Raw: 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c
                                                                                                                                                  Data Ascii: ript type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global
                                                                                                                                                  2024-10-03 21:14:03 UTC3768INData Raw: 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e
                                                                                                                                                  Data Ascii: div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { In
                                                                                                                                                  2024-10-03 21:14:03 UTC166INData Raw: 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                                  Data Ascii: n>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  2192.168.2.449733172.67.214.934437080C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-10-03 21:14:04 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 8
                                                                                                                                                  Host: beearvagueo.site
                                                                                                                                                  2024-10-03 21:14:04 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                  Data Ascii: act=life
                                                                                                                                                  2024-10-03 21:14:04 UTC787INHTTP/1.1 200 OK
                                                                                                                                                  Date: Thu, 03 Oct 2024 21:14:04 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=ff17i62ps7da75l5l5agognp9i; expires=Mon, 27 Jan 2025 15:00:43 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xGyQQgIZ6Q9avt8kvYBZ2fpGcMGPxSHygZk9dm%2FZUU5Y4A6Q7NaB8osUPSeHSC4eOGRF4A2rW%2FB3M4okDOVi8COk6qpaqnHPICyxiMQ78MHUqp9n7ChZ6Rro6L3j5oFwsUa2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8ccff0900f8a4391-EWR
                                                                                                                                                  2024-10-03 21:14:04 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                  Data Ascii: aerror #D12
                                                                                                                                                  2024-10-03 21:14:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  3192.168.2.449732172.67.214.934437140C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-10-03 21:14:04 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 8
                                                                                                                                                  Host: beearvagueo.site
                                                                                                                                                  2024-10-03 21:14:04 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                  Data Ascii: act=life
                                                                                                                                                  2024-10-03 21:14:04 UTC795INHTTP/1.1 200 OK
                                                                                                                                                  Date: Thu, 03 Oct 2024 21:14:04 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=0hgmj8540l6ca2auhh17ojtk06; expires=Mon, 27 Jan 2025 15:00:43 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z6XC%2By%2Fx0RO1tYGDGZJTz%2BIbqkMKEQLaiIqwl116sZAY5T3TUJ%2Bk25Eq8KqtN%2FuofvJ%2FNYt3chUgAwHmUPcwozpuzdfdDCaxYkQ0RubGAEj83ycqEcTsVyJUTQ9YqQgW7KLz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8ccff090083672aa-EWR
                                                                                                                                                  2024-10-03 21:14:04 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                  Data Ascii: aerror #D12
                                                                                                                                                  2024-10-03 21:14:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  4192.168.2.449734104.102.49.2544432124C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-10-03 21:14:04 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Host: steamcommunity.com
                                                                                                                                                  2024-10-03 21:14:05 UTC1870INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Date: Thu, 03 Oct 2024 21:14:05 GMT
                                                                                                                                                  Content-Length: 34832
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: sessionid=3e589968fbfec392289c7016; Path=/; Secure; SameSite=None
                                                                                                                                                  Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                  2024-10-03 21:14:05 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                  Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                  2024-10-03 21:14:05 UTC16384INData Raw: 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c
                                                                                                                                                  Data Ascii: ript type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global
                                                                                                                                                  2024-10-03 21:14:05 UTC3768INData Raw: 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e
                                                                                                                                                  Data Ascii: div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { In
                                                                                                                                                  2024-10-03 21:14:05 UTC166INData Raw: 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                                  Data Ascii: n>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  5192.168.2.449735172.67.214.934432124C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-10-03 21:14:05 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 8
                                                                                                                                                  Host: beearvagueo.site
                                                                                                                                                  2024-10-03 21:14:05 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                  Data Ascii: act=life
                                                                                                                                                  2024-10-03 21:14:07 UTC819INHTTP/1.1 200 OK
                                                                                                                                                  Date: Thu, 03 Oct 2024 21:14:06 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=3f16ats9boqfpt4st8vhpr3cm4; expires=Mon, 27 Jan 2025 15:00:45 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ly0QMURDie4rBRDdNNZN5AgCQuyF9PewHtK68Wxiff7Q7GdKiIxyWe%2F%2F5XWDL6xl4KPc5sMEixH5RASjNrFa8fkH5vMduejWscB6dx7I2sZT6FWl00iQ9t%2FhF2GhynA0HEiE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8ccff09b1c9915cb-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  2024-10-03 21:14:07 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                  Data Ascii: aerror #D12
                                                                                                                                                  2024-10-03 21:14:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Statistics

                                                                                                                                                  CPU Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  Memory Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  Behavior

                                                                                                                                                  Click to jump to process

                                                                                                                                                  System Behavior

                                                                                                                                                  General

                                                                                                                                                  Target ID:0
                                                                                                                                                  Start time:17:13:59
                                                                                                                                                  Start date:03/10/2024
                                                                                                                                                  Path:C:\Windows\System32\loaddll32.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:loaddll32.exe "C:\Users\user\Desktop\msvcp110.dll"
                                                                                                                                                  Imagebase:0x230000
                                                                                                                                                  File size:126'464 bytes
                                                                                                                                                  MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:1
                                                                                                                                                  Start time:17:13:59
                                                                                                                                                  Start date:03/10/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:2
                                                                                                                                                  Start time:17:14:00
                                                                                                                                                  Start date:03/10/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:3
                                                                                                                                                  Start time:17:14:00
                                                                                                                                                  Start date:03/10/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\msvcp110.dll,GetGameData
                                                                                                                                                  Imagebase:0x3f0000
                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:4
                                                                                                                                                  Start time:17:14:00
                                                                                                                                                  Start date:03/10/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",#1
                                                                                                                                                  Imagebase:0x3f0000
                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:5
                                                                                                                                                  Start time:17:14:00
                                                                                                                                                  Start date:03/10/2024
                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                                                                                  Imagebase:0x220000
                                                                                                                                                  File size:43'016 bytes
                                                                                                                                                  MD5 hash:5D1D74198D75640E889F0A577BBF31FC
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:moderate
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:6
                                                                                                                                                  Start time:17:14:00
                                                                                                                                                  Start date:03/10/2024
                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                                                                                  Imagebase:0x220000
                                                                                                                                                  File size:43'016 bytes
                                                                                                                                                  MD5 hash:5D1D74198D75640E889F0A577BBF31FC
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:moderate
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:7
                                                                                                                                                  Start time:17:14:03
                                                                                                                                                  Start date:03/10/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:rundll32.exe "C:\Users\user\Desktop\msvcp110.dll",GetGameData
                                                                                                                                                  Imagebase:0x3f0000
                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:8
                                                                                                                                                  Start time:17:14:03
                                                                                                                                                  Start date:03/10/2024
                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                                                                                  Imagebase:0xc0000
                                                                                                                                                  File size:43'016 bytes
                                                                                                                                                  MD5 hash:5D1D74198D75640E889F0A577BBF31FC
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:moderate
                                                                                                                                                  Has exited:true

                                                                                                                                                  Disassembly

                                                                                                                                                  Reset < >

                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:1.1%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                    Signature Coverage:11.9%
                                                                                                                                                    Total number of Nodes:42
                                                                                                                                                    Total number of Limit Nodes:4
                                                                                                                                                    execution_graph 20862 40d440 20863 40d449 20862->20863 20864 40d451 GetInputState 20863->20864 20865 40d62e ExitProcess 20863->20865 20866 40d45e 20864->20866 20867 40d466 GetCurrentThreadId GetCurrentProcessId 20866->20867 20868 40d629 20866->20868 20869 40d491 20867->20869 20880 445ce0 FreeLibrary 20868->20880 20876 40ebe0 20869->20876 20879 40ec5b 20876->20879 20877 40ed1c LoadLibraryExW 20878 40ed33 20877->20878 20879->20877 20880->20865 20915 446514 20916 4462d0 20915->20916 20917 446573 20916->20917 20919 446170 LdrInitializeThunk 20916->20919 20919->20916 20881 40f586 20882 40f672 20881->20882 20885 4101a0 20882->20885 20887 410230 20885->20887 20886 40f6bb 20887->20886 20889 445d00 20887->20889 20890 445d7c 20889->20890 20891 445d1b 20889->20891 20890->20887 20892 445d87 20891->20892 20895 445d29 20891->20895 20896 4434c0 20892->20896 20894 445d66 RtlReAllocateHeap 20894->20890 20895->20894 20897 4434d6 20896->20897 20898 443539 20896->20898 20899 443526 RtlFreeHeap 20897->20899 20898->20890 20899->20898 20905 4461ce 20906 4461fa 20905->20906 20908 44624e 20906->20908 20909 446170 LdrInitializeThunk 20906->20909 20909->20908 20925 443498 20926 44349e RtlAllocateHeap 20925->20926 20927 44505a 20928 4450c4 LoadLibraryExW 20927->20928 20929 44509e 20927->20929 20930 4450d6 20928->20930 20929->20928 20930->20930

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 004101A0 Relevance: 1.7, Strings: 1, Instructions: 404COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 130 4101a0-41022b 131 410230-410239 130->131 131->131 132 41023b-41024e 131->132 134 410592-410594 132->134 135 410255-410257 132->135 136 4104e6-4104ea 132->136 137 410596-4105b1 132->137 138 410569-410575 132->138 139 41057a-41058b 132->139 140 41025c-41048f 132->140 141 4104ef-410562 call 40cc40 132->141 160 4105e9-41060e 134->160 142 4107c8-4107cf 135->142 165 4107bc-4107c5 136->165 163 4105b3 137->163 164 4105e6 137->164 167 4107b0-4107b9 138->167 139->134 139->137 143 410667-410690 139->143 144 410789-41078f 139->144 145 410729-410744 139->145 146 410771-410782 139->146 147 410790 139->147 148 410750-41076b 139->148 149 4106d0 139->149 150 4107d0 139->150 151 410792-410797 139->151 152 410697-410699 139->152 153 4106d7-4106de 139->153 154 410656-410662 139->154 155 4107d6 139->155 156 4106b9-4106c9 139->156 157 41071d-410720 139->157 158 41079e 139->158 159 4106fe-410705 call 445d00 139->159 161 410491 140->161 162 4104c8-4104d3 140->162 141->134 141->137 141->138 141->139 141->143 141->144 141->145 141->146 141->147 141->148 141->149 141->150 141->151 141->152 141->153 141->154 141->155 141->156 141->157 141->158 141->159 143->144 143->145 143->146 143->147 143->148 143->149 143->150 143->151 143->152 143->153 143->155 143->156 143->157 143->158 143->159 144->147 145->148 146->144 146->149 146->150 146->153 146->155 146->158 148->146 149->153 151->149 151->150 151->153 151->155 151->158 178 4106a2-4106b2 152->178 180 4106e5-4106f7 153->180 173 4107a7 154->173 156->153 157->145 158->173 181 41070a-410716 159->181 171 410610-410634 call 412870 160->171 172 410636-41064f 160->172 168 4104a0-4104c6 call 4127f0 161->168 179 4104d6-4104df 162->179 170 4105c0-4105e4 call 4128c0 163->170 164->160 165->142 167->165 168->162 170->164 171->172 172->143 172->144 172->145 172->146 172->147 172->148 172->149 172->150 172->151 172->152 172->153 172->154 172->155 172->156 172->157 172->158 172->159 173->167 178->144 178->145 178->146 178->147 178->148 178->149 178->150 178->151 178->153 178->155 178->156 178->157 178->158 178->159 179->134 179->136 179->137 179->138 179->139 179->141 179->143 179->144 179->145 179->146 179->147 179->148 179->149 179->150 179->151 179->152 179->153 179->154 179->155 179->156 179->157 179->158 179->159 180->144 180->145 180->146 180->147 180->148 180->149 180->150 180->151 180->153 180->155 180->157 180->158 180->159 181->144 181->145 181->146 181->147 181->148 181->149 181->150 181->151 181->153 181->155 181->157 181->158
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 5{1y
                                                                                                                                                    • API String ID: 0-1368497684
                                                                                                                                                    • Opcode ID: e8ea5d1cda620284d3cca87f1e47a629425b054d3919e2718f6e2ab83fb85a4f
                                                                                                                                                    • Instruction ID: 430970ba5aa758463fc1d266fd814e1e4b8d4bbd5d3e872d0ea25936ea341aea
                                                                                                                                                    • Opcode Fuzzy Hash: e8ea5d1cda620284d3cca87f1e47a629425b054d3919e2718f6e2ab83fb85a4f
                                                                                                                                                    • Instruction Fuzzy Hash: 19F124B1100B00DFE3208F26D984B97BBF5FB46708F108A2DE5AA8BAA1D774B455CF54
                                                                                                                                                    Function 00446DCB Relevance: 1.6, Strings: 1, Instructions: 342COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 204 446dcb-446dfe 205 446e05-446e1b 204->205 206 446ef9-446f09 204->206 209 446e22-446e4b call 40cce0 205->209 210 446e1d-446e20 205->210 207 446f10-446f11 call 40cce0 206->207 208 446f0b-446f0e 206->208 213 446f16-446f33 207->213 208->207 236 446f3a-446f65 209->236 237 446e51-446e53 209->237 210->209 215 4471e7-4471ec 213->215 216 446fa0-446fc6 213->216 217 447120-44712c 213->217 218 447140 213->218 219 447160-447169 213->219 220 447142-44714a 213->220 221 447183-447193 213->221 222 4470ec-447116 213->222 223 446fcd-446fdf 213->223 224 447269-447276 213->224 225 4470c9-4470d5 213->225 226 447209-44723c 213->226 227 447250-447262 213->227 228 447170-44717c 213->228 229 4471b0-4471b8 213->229 230 447151-447159 213->230 231 4471d2-4471e0 213->231 232 4471f3-447202 213->232 233 4470dc-4470e5 213->233 234 4471bf-4471cb 213->234 235 44719a-4471a9 213->235 213->236 215->226 215->227 215->232 215->234 216->215 216->216 216->217 216->218 216->219 216->220 216->221 216->222 216->223 216->224 216->225 216->226 216->227 216->228 216->229 216->230 216->231 216->232 216->233 216->234 216->235 217->215 217->218 217->219 217->220 217->221 217->226 217->227 217->228 217->229 217->230 217->231 217->232 217->234 217->235 219->215 219->217 219->218 219->219 219->220 219->221 219->226 219->227 219->228 219->229 219->230 219->231 219->232 219->234 219->235 220->215 220->219 220->221 220->226 220->227 220->228 220->229 220->230 220->231 220->232 220->234 220->235 221->215 221->226 221->227 221->229 221->231 221->232 221->234 221->235 222->215 222->217 222->218 222->219 222->220 222->221 222->226 222->227 222->228 222->229 222->230 222->231 222->232 222->234 222->235 240 446fe0-446fed 223->240 225->215 225->217 225->218 225->219 225->220 225->221 225->222 225->226 225->227 225->228 225->229 225->230 225->231 225->232 225->233 225->234 225->235 226->215 226->216 226->217 226->218 226->219 226->220 226->221 226->222 226->223 226->224 226->225 226->226 226->227 226->228 226->229 226->230 226->231 226->232 226->233 226->234 226->235 227->215 227->216 227->217 227->218 227->219 227->220 227->221 227->222 227->223 227->224 227->225 227->226 227->227 227->228 227->229 227->230 227->231 227->232 227->233 227->234 227->235 228->215 228->221 228->226 228->227 228->229 228->231 228->232 228->234 228->235 229->226 229->227 229->232 229->234 230->215 230->219 230->221 230->226 230->227 230->229 230->231 230->232 230->234 230->235 231->215 231->226 231->227 231->229 231->232 231->234 232->226 232->227 233->215 233->217 233->218 233->219 233->220 233->221 233->222 233->226 233->227 233->228 233->229 233->230 233->231 233->232 233->234 233->235 234->215 234->226 234->227 234->229 234->231 234->232 234->234 235->215 235->226 235->227 235->229 235->231 235->232 235->234 236->215 236->216 236->217 236->218 236->219 236->220 236->221 236->222 236->223 236->224 236->225 236->226 236->227 236->228 236->229 236->230 236->231 236->232 236->233 236->234 236->235 238 446f6c-446f94 call 40ccf0 236->238 239 446ed3-446ef2 236->239 237->236 241 446e59-446e5f 237->241 238->215 238->216 238->217 238->218 238->219 238->220 238->221 238->222 238->223 238->224 238->225 238->226 238->227 238->228 238->229 238->230 238->231 238->232 238->233 238->234 238->235 239->206 239->215 239->216 239->217 239->218 239->219 239->220 239->221 239->222 239->223 239->224 239->225 239->226 239->227 239->228 239->229 239->230 239->231 239->232 239->233 239->234 239->235 240->240 243 446fef-44700d 240->243 244 446e61-446e6f 241->244 245 446ebd-446ecc 241->245 247 44700f 243->247 248 447039-447040 243->248 249 446e70-446ebb 244->249 245->215 245->216 245->217 245->218 245->219 245->220 245->221 245->222 245->223 245->224 245->225 245->226 245->227 245->228 245->229 245->230 245->231 245->232 245->233 245->234 245->235 245->238 245->239 252 447010-447037 call 447340 247->252 250 4470b0-4470c2 248->250 251 447042-447054 248->251 249->245 249->249 250->215 250->216 250->217 250->218 250->219 250->220 250->221 250->222 250->225 250->226 250->227 250->228 250->229 250->230 250->231 250->232 250->233 250->234 250->235 254 447056-44705f 251->254 255 44708f-447094 251->255 252->248 257 447060-447089 254->257 255->250 258 447096-44709b 255->258 257->257 259 44708b 257->259 260 4470a0-4470ae 258->260 259->255 260->250 260->260
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: BqD
                                                                                                                                                    • API String ID: 0-3419032962
                                                                                                                                                    • Opcode ID: ed37e71b918876b5dfba1bae4127bdfb8174ef4fb814a6e86e8dd199f863976a
                                                                                                                                                    • Instruction ID: f376534f8a50dc1160a3c9b166cd37c026a650fa92a38d3e22a91c16b018f440
                                                                                                                                                    • Opcode Fuzzy Hash: ed37e71b918876b5dfba1bae4127bdfb8174ef4fb814a6e86e8dd199f863976a
                                                                                                                                                    • Instruction Fuzzy Hash: 1BD1F13260C351CFC715CF28D89052AB7E2FB89356F198A7EE89187392D734EA45CB85
                                                                                                                                                    Function 00446170 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 279 446170-4461a2 LdrInitializeThunk
                                                                                                                                                    APIs
                                                                                                                                                    • LdrInitializeThunk.NTDLL(00449900,005C003F,00000002,00000018,-0000002C), ref: 0044619E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                    • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                                    • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                    • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                                    Function 0040D440 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 163threadCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CurrentProcess$ExitInputStateThread
                                                                                                                                                    • String ID: 1032$=<?>
                                                                                                                                                    • API String ID: 1029096631-142149872
                                                                                                                                                    • Opcode ID: 2038bd2d9c6b73b4e40e6721bc239594da0d4a758a92c2be858ddf17731f4e98
                                                                                                                                                    • Instruction ID: 555f25744c8546db94be89d719047032197e0e4c17fd340f55623defcaf143b8
                                                                                                                                                    • Opcode Fuzzy Hash: 2038bd2d9c6b73b4e40e6721bc239594da0d4a758a92c2be858ddf17731f4e98
                                                                                                                                                    • Instruction Fuzzy Hash: B341497480C240ABD301BF99D544A1EFBE5EF52709F148C2EE5C497392C73AD8188B6B
                                                                                                                                                    Function 00445D00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 49 445d00-445d14 50 445d7c-445d85 call 4433c0 49->50 51 445d1b-445d22 49->51 60 445d95-445d97 50->60 53 445d87-445d88 call 4434c0 51->53 54 445d29-445d3e 51->54 61 445d8d-445d90 53->61 57 445d66-445d7a RtlReAllocateHeap 54->57 58 445d40-445d64 call 446120 54->58 59 445d92 57->59 58->57 59->60 61->59
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 123
                                                                                                                                                    • API String ID: 0-1549188022
                                                                                                                                                    • Opcode ID: 3b7ffe2aac24cb1726d60088a50c21288039220aa40cb04d8e81f50c79dfa51c
                                                                                                                                                    • Instruction ID: a2739fd40284dee98ce23fb6b7046590f6569b0d26867e028d520841740e6407
                                                                                                                                                    • Opcode Fuzzy Hash: 3b7ffe2aac24cb1726d60088a50c21288039220aa40cb04d8e81f50c79dfa51c
                                                                                                                                                    • Instruction Fuzzy Hash: 7301C4759082409BD701AF28EC0591FBBF4EF86B46F05882DF4C497212D339D911CBA7
                                                                                                                                                    Function 0040EBE0 Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 191 40ebe0-40ec59 192 40ec95-40ece4 191->192 193 40ec5b 191->193 194 40ece6 192->194 195 40ed1c-40ed2e LoadLibraryExW call 444c50 192->195 196 40ec60-40ec93 call 411d30 193->196 197 40ecf0-40ed1a call 411cc0 194->197 202 40ed33-40ed4a 195->202 196->192 197->195
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExW.KERNEL32(D7BFC9B3,00000000,F10E070C), ref: 0040ED26
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                    • Opcode ID: 4dc88cb0df99b8d3a98c5cdb1ec670fef7d35882cd1cc8b0d4f236a3e63d11aa
                                                                                                                                                    • Instruction ID: 4cd38cbd0c32a819dd0be2aab1182d7eadff182a12367131b0f4107e1301bfc1
                                                                                                                                                    • Opcode Fuzzy Hash: 4dc88cb0df99b8d3a98c5cdb1ec670fef7d35882cd1cc8b0d4f236a3e63d11aa
                                                                                                                                                    • Instruction Fuzzy Hash: 39318BB0D012589BEB10DF69DC45BAEBBB5BB45304F1046AAE444B7381D3385D45CFA5
                                                                                                                                                    Function 0044505A Relevance: 1.6, APIs: 1, Instructions: 70libraryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 261 44505a-44509c 262 4450c4-4450d0 LoadLibraryExW 261->262 263 44509e-44509f 261->263 265 4450d6-445104 262->265 266 445760-4457c2 262->266 264 4450a0-4450c2 call 445fe0 263->264 264->262 265->266 270 4457c4 266->270 270->270
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 004450CC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                    • Opcode ID: 1401677f78b509c29d26488211ab75afea7a33a3747d27f15bf2e2205be3d739
                                                                                                                                                    • Instruction ID: 83e9078ad7175dbac619403ff4e3d92812a4052d2d9051f59a847d15e64dbb14
                                                                                                                                                    • Opcode Fuzzy Hash: 1401677f78b509c29d26488211ab75afea7a33a3747d27f15bf2e2205be3d739
                                                                                                                                                    • Instruction Fuzzy Hash: D621D274900396DFDB05CFA8D5906ADFBB0BF1A302F58445DD441B7382C334AA12CBA9
                                                                                                                                                    Function 004434C0 Relevance: 1.5, APIs: 1, Instructions: 45memoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 271 4434c0-4434cf 272 4434d6-4434f3 271->272 273 443539-44353d 271->273 274 4434f5 272->274 275 443526-443533 RtlFreeHeap 272->275 276 443500-443524 call 446090 274->276 275->273 276->275
                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000), ref: 00443533
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                    • Opcode ID: f2361dc6212d74a21cb31e294bd24aa35daa0bd91e01053351e2e50b4d0e9618
                                                                                                                                                    • Instruction ID: fc2577b4e93f0db1609ff2d77d0976e1a143cc53a5c5a00cb9e7c077c0dd0e2b
                                                                                                                                                    • Opcode Fuzzy Hash: f2361dc6212d74a21cb31e294bd24aa35daa0bd91e01053351e2e50b4d0e9618
                                                                                                                                                    • Instruction Fuzzy Hash: E1F01974508240ABD301AF18E954B0EBBE5EF56705F054C2CE4C49B262D239DC64CB96
                                                                                                                                                    Function 00443498 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 280 443498-4434a2 RtlAllocateHeap
                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 004434A2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                    • Opcode ID: cbad0095acf85e61a526637b6e979c92ebeb1ba137fe47122b9aa8f39d59db8e
                                                                                                                                                    • Instruction ID: ce2431340337354b508a90f7e092094382eca2a811d93d9dc87149ba3909bbc2
                                                                                                                                                    • Opcode Fuzzy Hash: cbad0095acf85e61a526637b6e979c92ebeb1ba137fe47122b9aa8f39d59db8e
                                                                                                                                                    • Instruction Fuzzy Hash: 57B00230245215B9E17317115CD5F7F1D6CDF43ED6F100454B204150D14664A541D57D

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 0041DDFF Relevance: 23.7, Strings: 18, Instructions: 1225COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+($%*+($@C$L$TWVQX[ZU\_^Y$X[ZU$YZ[D$\_^Y$`cb}$defg$efg`$hkje$pqrs$twvq$x{zu$IK$Nz{$OA
                                                                                                                                                    • API String ID: 0-1295941102
                                                                                                                                                    • Opcode ID: 48e835f5be9040a48b08e8b35f7b5511272b6288aa07e1c1f157d3cc9bcb95d1
                                                                                                                                                    • Instruction ID: 068315d960757206ca91bfe4b5e0174fc538cc8ee9f9319a078fc8026ce8db79
                                                                                                                                                    • Opcode Fuzzy Hash: 48e835f5be9040a48b08e8b35f7b5511272b6288aa07e1c1f157d3cc9bcb95d1
                                                                                                                                                    • Instruction Fuzzy Hash: 55A2BCB55083809BD730CF15C841BEFBBE2BFC4304F54492EE9899B281DB799985CB5A
                                                                                                                                                    Function 00438660 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 101clipboardCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                    • String ID: 6$6$8$9$9$=$?
                                                                                                                                                    • API String ID: 2832541153-2499364611
                                                                                                                                                    • Opcode ID: 4ecb5cea78e22550e51f1c0766650d3c625aa133cf73940c3d24e28092cbc1b9
                                                                                                                                                    • Instruction ID: 7394c3911a48552e0d11dc9b34c2007da1fa56957142a7b7922b5d5dbbba1851
                                                                                                                                                    • Opcode Fuzzy Hash: 4ecb5cea78e22550e51f1c0766650d3c625aa133cf73940c3d24e28092cbc1b9
                                                                                                                                                    • Instruction Fuzzy Hash: 42416A7450C3818ED301AF78958832EBFE0AB96314F14492EF4D986382D7798549CBA7
                                                                                                                                                    Function 00431670 Relevance: 21.6, APIs: 2, Strings: 9, Instructions: 2329COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: *&- $*XJe$53C$:\Bz$JX`b$WXM,$]h>l$avqy$w[Nc
                                                                                                                                                    • API String ID: 0-2470705936
                                                                                                                                                    • Opcode ID: 0fdc167ce9c2e05a2bafd4b6b83f0d338f32d447e1db1341dbb0ee312911c54d
                                                                                                                                                    • Instruction ID: 6b52d3f67adb24664c3a91c36719e14c9fa1994e195d47c860f543d90ad0f600
                                                                                                                                                    • Opcode Fuzzy Hash: 0fdc167ce9c2e05a2bafd4b6b83f0d338f32d447e1db1341dbb0ee312911c54d
                                                                                                                                                    • Instruction Fuzzy Hash: 0E039C70404B808AE7618F35C4907E7BBE1AF1A305F44989ED4EA8B392DB79B549CF64
                                                                                                                                                    Function 0043F8E0 Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 588memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: String$Alloc$InitVariant
                                                                                                                                                    • String ID: %*+($%*+($XY
                                                                                                                                                    • API String ID: 3520221836-3681054843
                                                                                                                                                    • Opcode ID: 360088e75a0bfdc16e152703c8ceb466edd7a1128cd954dfb99185e274686783
                                                                                                                                                    • Instruction ID: 873cf424640911aa45cd168c27eba4822a74ad18274f36e812021d333af19f67
                                                                                                                                                    • Opcode Fuzzy Hash: 360088e75a0bfdc16e152703c8ceb466edd7a1128cd954dfb99185e274686783
                                                                                                                                                    • Instruction Fuzzy Hash: D422DD75A08301DFEB00CF24D881B6EBBE2FB89356F14892DE485973A1D738D905CB5A
                                                                                                                                                    Function 00412920 Relevance: 18.6, APIs: 4, Strings: 6, Instructions: 1104COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 004129F2
                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00412A14
                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 00412DC0
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Initialize$DirectorySecuritySystem
                                                                                                                                                    • String ID: C@rH$E|IH$Nyvw$US$YW$}O{
                                                                                                                                                    • API String ID: 1379780170-2937083641
                                                                                                                                                    • Opcode ID: 601a931b4932948a2403d0c7624d7db1059ed815bf0903b108b5d2d569a19989
                                                                                                                                                    • Instruction ID: 38e0f33ada8cfcad5abcb3afe9dd52bce474a6cad6ff29d136f25e6762998c79
                                                                                                                                                    • Opcode Fuzzy Hash: 601a931b4932948a2403d0c7624d7db1059ed815bf0903b108b5d2d569a19989
                                                                                                                                                    • Instruction Fuzzy Hash: 0682FFB0500B409FD7209F25C881767BBF0BF46308F14896EE4EA8B792D738B459CB99
                                                                                                                                                    Function 0042C510 Relevance: 14.6, APIs: 1, Strings: 7, Instructions: 565COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: !$DE$DtsN$H-X#$S~Dw$W\T_$sDtB
                                                                                                                                                    • API String ID: 0-425027836
                                                                                                                                                    • Opcode ID: 7e1da9aa85fd5b99e25369d9935cc3627feeb4c8913f5c2c6ef13a2c1dcba7a0
                                                                                                                                                    • Instruction ID: e1b66d668db3eaf284a4465e3d0956aa058187ba537616815b15f550d3aba65b
                                                                                                                                                    • Opcode Fuzzy Hash: 7e1da9aa85fd5b99e25369d9935cc3627feeb4c8913f5c2c6ef13a2c1dcba7a0
                                                                                                                                                    • Instruction Fuzzy Hash: 5612BDB0908340DBD720AF25E881A2FBBF1FB8A749F54492DF5C497262D739D910CB5A
                                                                                                                                                    Function 00401000 Relevance: 10.7, Strings: 7, Instructions: 1903COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$A$gfff$gfff$gfff
                                                                                                                                                    • API String ID: 0-947532036
                                                                                                                                                    • Opcode ID: 996ba5dc3168681fd38e148dabe03815a128900909ee63cb8306b0a2ad223509
                                                                                                                                                    • Instruction ID: 24bb21e3c4691d0f802f2e4d9f0ac50f3d80cbbb945afd05861994f8d06a46a0
                                                                                                                                                    • Opcode Fuzzy Hash: 996ba5dc3168681fd38e148dabe03815a128900909ee63cb8306b0a2ad223509
                                                                                                                                                    • Instruction Fuzzy Hash: ECD2D2716083518FD714CE29C48476BBBE2AF89314F188A3EE895EB3D1D778D905CB86
                                                                                                                                                    Function 00401589 Relevance: 7.9, Strings: 6, Instructions: 419COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff
                                                                                                                                                    • API String ID: 0-925659942
                                                                                                                                                    • Opcode ID: 199267cbc64dd1aff0fa29f7712c1943bdcd0e8d47f77a3fba5e71398c634568
                                                                                                                                                    • Instruction ID: b3b00cec798cd1528e2ee9d4f337dfc5343f57f5716b313ecf57be9c9f94580f
                                                                                                                                                    • Opcode Fuzzy Hash: 199267cbc64dd1aff0fa29f7712c1943bdcd0e8d47f77a3fba5e71398c634568
                                                                                                                                                    • Instruction Fuzzy Hash: 49E1A071A083518FD718CE28C59436FBBE2ABC5314F18893EE989A73D1D778D8458B86
                                                                                                                                                    Function 0040138D Relevance: 7.9, Strings: 6, Instructions: 375COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff
                                                                                                                                                    • API String ID: 0-854689426
                                                                                                                                                    • Opcode ID: 969c0f03edb96067ab8def27398de18479f8ad2823b5aa3408d4fb50fcc3226b
                                                                                                                                                    • Instruction ID: 2696d8f97c251a1de466447bacde96e6948098190633bd25ae01061a9d8bcc11
                                                                                                                                                    • Opcode Fuzzy Hash: 969c0f03edb96067ab8def27398de18479f8ad2823b5aa3408d4fb50fcc3226b
                                                                                                                                                    • Instruction Fuzzy Hash: FCD1B171A087518FC315CE28C58426BFBE1AFD5304F088A7EE9D9A73D2D278D945CB86
                                                                                                                                                    Function 0040DFC0 Relevance: 7.8, Strings: 6, Instructions: 312COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: #e$D$Xf$[l$_V$
                                                                                                                                                    • API String ID: 0-3536235331
                                                                                                                                                    • Opcode ID: 67262b1051dd673af7e239b98ac4f8c439d4e2c351219076c9ca7b849ba843ec
                                                                                                                                                    • Instruction ID: 1761856c2a82565d78c4bf05444e2d9e5f9ae0245f81a3f62c8a9502a39ae87c
                                                                                                                                                    • Opcode Fuzzy Hash: 67262b1051dd673af7e239b98ac4f8c439d4e2c351219076c9ca7b849ba843ec
                                                                                                                                                    • Instruction Fuzzy Hash: D6C113B450C3809BD311EF55D584A2FBBF8AB96704F140D2DE1C4AB292C779D918CBAB
                                                                                                                                                    Function 004012F2 Relevance: 7.2, Strings: 5, Instructions: 925COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 0$0$0$@$i
                                                                                                                                                    • API String ID: 0-3124195287
                                                                                                                                                    • Opcode ID: 4edeaa5b93483764b9d6a388038abc3ace40cc9d88d1d2ffe131e48266618e72
                                                                                                                                                    • Instruction ID: c1b2f36e857e21a3adf8d70cb624002cf2f3473e490e7fe7e2f4c6f4f87173b2
                                                                                                                                                    • Opcode Fuzzy Hash: 4edeaa5b93483764b9d6a388038abc3ace40cc9d88d1d2ffe131e48266618e72
                                                                                                                                                    • Instruction Fuzzy Hash: C062E271A083518FD318CE28C68476BBBE1AF85704F14893EE8D9A73D1D678DD45CB8A
                                                                                                                                                    Function 0042D295 Relevance: 5.7, Strings: 4, Instructions: 727COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: "$['r!$hk$rB
                                                                                                                                                    • API String ID: 0-1682562665
                                                                                                                                                    • Opcode ID: 0e6463dd2a01415b111909c7c3e1d0977b6b7ce78372913de24c2d6c2f1a41c6
                                                                                                                                                    • Instruction ID: b4c2d6d6ba26f63a79bf277c57a7f133fb0ab336795b84b6f6cd2d81b95e67fd
                                                                                                                                                    • Opcode Fuzzy Hash: 0e6463dd2a01415b111909c7c3e1d0977b6b7ce78372913de24c2d6c2f1a41c6
                                                                                                                                                    • Instruction Fuzzy Hash: 5D42E2B1A08350CFD310DF29D89072BBBE2BF86314F544A2DE4959B3A2C779D905CB4A
                                                                                                                                                    Function 0042D4D4 Relevance: 5.7, Strings: 4, Instructions: 675COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: "$['r!$hk$rB
                                                                                                                                                    • API String ID: 0-1682562665
                                                                                                                                                    • Opcode ID: 88f762bedf9fafaee3b9f48913d9a44c016105b9b4fbf06ee61f083eaedf4a66
                                                                                                                                                    • Instruction ID: 9856a21ac58daef009a3e972bb09b36dda588f2d14b9a74063aefb32263dd0cb
                                                                                                                                                    • Opcode Fuzzy Hash: 88f762bedf9fafaee3b9f48913d9a44c016105b9b4fbf06ee61f083eaedf4a66
                                                                                                                                                    • Instruction Fuzzy Hash: 8E32F2B1A08390CFD310CF29D89072ABBE2BF86314F544A6DE4D59B3A2C779D905CB46
                                                                                                                                                    Function 0042C6E1 Relevance: 5.4, Strings: 4, Instructions: 430COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ,[$1>%;$KVQA$OFH<
                                                                                                                                                    • API String ID: 0-4269818227
                                                                                                                                                    • Opcode ID: b71b651a47b6dfb0c3d8f82ff67fd01b2d929465fec70549e1dde3b3852a2f98
                                                                                                                                                    • Instruction ID: b8f894667c65b4dd157318e3c21b91de949b37a2d4b7c1362151cae01adca53f
                                                                                                                                                    • Opcode Fuzzy Hash: b71b651a47b6dfb0c3d8f82ff67fd01b2d929465fec70549e1dde3b3852a2f98
                                                                                                                                                    • Instruction Fuzzy Hash: BFE10FB16083918BC710DF29E88072FBBE1AF96345F58496EF4C19B352C339D905CB9A
                                                                                                                                                    Function 0042E927 Relevance: 5.4, Strings: 4, Instructions: 426COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: bB$db$h$|8
                                                                                                                                                    • API String ID: 0-91127411
                                                                                                                                                    • Opcode ID: deab92c9cbc9d9de2b1c1fe956664459c393dca9077f61ac2a7ba1243478d82d
                                                                                                                                                    • Instruction ID: 896ada1ff1f034f350e592ef9e933001ddcc8871c35886f94cb3d41f898676cf
                                                                                                                                                    • Opcode Fuzzy Hash: deab92c9cbc9d9de2b1c1fe956664459c393dca9077f61ac2a7ba1243478d82d
                                                                                                                                                    • Instruction Fuzzy Hash: A1D199B0608341CFD7109F69E89166BBBF1BF96345F44492EE486873A2D339D805CB5A
                                                                                                                                                    Function 0040FC00 Relevance: 5.4, Strings: 4, Instructions: 384COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 2$:;:9$]Z$tw
                                                                                                                                                    • API String ID: 0-793706539
                                                                                                                                                    • Opcode ID: 6188e216cbeb179f24fc8e628abda167621527b7d1e0a154056f1a40f7c32dea
                                                                                                                                                    • Instruction ID: 036747dbfc9a0d8c62192e74824560da54d6a4c1e3741b43f6b35547dc194d56
                                                                                                                                                    • Opcode Fuzzy Hash: 6188e216cbeb179f24fc8e628abda167621527b7d1e0a154056f1a40f7c32dea
                                                                                                                                                    • Instruction Fuzzy Hash: 53E177705083809BD311DF148590A5FBBE1AB96748F28482EF4C89B352D37AD989DB9B
                                                                                                                                                    Function 00427D03 Relevance: 5.3, Strings: 4, Instructions: 295COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+($'60$:04<$~Cuq
                                                                                                                                                    • API String ID: 0-2643050054
                                                                                                                                                    • Opcode ID: 237d7b2a6b96ba4955b6a9243a7696b6daf2c5d7641eb66b414ab9290ffdf30c
                                                                                                                                                    • Instruction ID: 49a9679fff2f7aff9eeb0649bb44144b187cb137392283ddcdfcdf80b45c828b
                                                                                                                                                    • Opcode Fuzzy Hash: 237d7b2a6b96ba4955b6a9243a7696b6daf2c5d7641eb66b414ab9290ffdf30c
                                                                                                                                                    • Instruction Fuzzy Hash: 0C91CE71E04268CBDB24CF99E840BAEBBB1FF45301F6484A9E855AB391DB349941CF64
                                                                                                                                                    Function 0042EE40 Relevance: 5.3, Strings: 4, Instructions: 256COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: U{y$X[$tk$sq
                                                                                                                                                    • API String ID: 0-2103365980
                                                                                                                                                    • Opcode ID: 4b7a5d6ba5c3288a9d1afa90a90d86f5313d1c8d5784ef9a449c9005a09ef170
                                                                                                                                                    • Instruction ID: 479a2e777bba1b133546996b6cbb3bc05e0ea32c95f0f30833b425fb4052de07
                                                                                                                                                    • Opcode Fuzzy Hash: 4b7a5d6ba5c3288a9d1afa90a90d86f5313d1c8d5784ef9a449c9005a09ef170
                                                                                                                                                    • Instruction Fuzzy Hash: A37199B45083908BD710DF15D890B2BBBF0FFA6744F94495DE4C89B3A2E3798944CB9A
                                                                                                                                                    Function 00444240 Relevance: 4.3, Strings: 3, Instructions: 596COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+($%*+($f
                                                                                                                                                    • API String ID: 0-498254078
                                                                                                                                                    • Opcode ID: cbc4eced61f62f119027366424f1f7bb3403b554a8958e8fefac7d47202699e3
                                                                                                                                                    • Instruction ID: 1a6dac30fe805108a966faffdc33822bf40150380eef598f7c6b625c5c123cfc
                                                                                                                                                    • Opcode Fuzzy Hash: cbc4eced61f62f119027366424f1f7bb3403b554a8958e8fefac7d47202699e3
                                                                                                                                                    • Instruction Fuzzy Hash: EF129B756083419BE714CF18C890B2BBBE1BBC9714F188A2EF99597392D339DC05CB96
                                                                                                                                                    Function 00420C4C Relevance: 4.1, Strings: 3, Instructions: 353COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: )E4G$G9I;$N=I?
                                                                                                                                                    • API String ID: 0-3615135358
                                                                                                                                                    • Opcode ID: 128d32527ceb8ce6df3ee2bb62cf3c0f97c754dda77e12158d28d93f7bed1f7f
                                                                                                                                                    • Instruction ID: 24387466f040e05a76eb43b91bc72ee0861cf682cad13a710ff6240ba0847933
                                                                                                                                                    • Opcode Fuzzy Hash: 128d32527ceb8ce6df3ee2bb62cf3c0f97c754dda77e12158d28d93f7bed1f7f
                                                                                                                                                    • Instruction Fuzzy Hash: E0B11475E00224CBCF208F54E8416AEB7F1FF59314F554529E885BB392E339E951CBA8
                                                                                                                                                    Function 0041D1D0 Relevance: 4.1, Strings: 3, Instructions: 332COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+($Ow$rw
                                                                                                                                                    • API String ID: 0-1519177400
                                                                                                                                                    • Opcode ID: fd96287aa3d4a93aa976985ac179b5453aeecac61c8dcf1c2ff8a14e243eabd3
                                                                                                                                                    • Instruction ID: f23b6244d73a815b963dfababe9a6b12f4ce0309d7f7885e65b13b10d315b4cb
                                                                                                                                                    • Opcode Fuzzy Hash: fd96287aa3d4a93aa976985ac179b5453aeecac61c8dcf1c2ff8a14e243eabd3
                                                                                                                                                    • Instruction Fuzzy Hash: 4EB1C1B4508340DBD730DF54D881BABB7E5FF85314F044A2EF8899B292E7399890CB66
                                                                                                                                                    Function 00443DA0 Relevance: 4.0, Strings: 3, Instructions: 202COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID: %*(6$%*+($0
                                                                                                                                                    • API String ID: 2994545307-3473288163
                                                                                                                                                    • Opcode ID: 0077517d808b134969c0a61bd93b8cb893cfed0329f65ac13bc8b8bfc8004041
                                                                                                                                                    • Instruction ID: e9680ad2f9f8eb96964dc97cff5cf50a58ca1cd9ebcea699be840100c7839991
                                                                                                                                                    • Opcode Fuzzy Hash: 0077517d808b134969c0a61bd93b8cb893cfed0329f65ac13bc8b8bfc8004041
                                                                                                                                                    • Instruction Fuzzy Hash: 667153B4609340ABE714DF09D890B2BBBF5FB89705F64481EF88587381C739E914CB96
                                                                                                                                                    Function 00446BE5 Relevance: 3.9, Strings: 3, Instructions: 138COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: &I$[I$wq
                                                                                                                                                    • API String ID: 0-4053064096
                                                                                                                                                    • Opcode ID: ab1c5bca56f4b8d29862dd938c2cf0be91c4f3d54f419d971872d4bb5286f9f8
                                                                                                                                                    • Instruction ID: 1fe5a67717864987b5b56f276fa3c3ec5c9c3a98a5f823a3a65e190a468f704a
                                                                                                                                                    • Opcode Fuzzy Hash: ab1c5bca56f4b8d29862dd938c2cf0be91c4f3d54f419d971872d4bb5286f9f8
                                                                                                                                                    • Instruction Fuzzy Hash: 6441D1B49042859FEB05CF54D5C046EBBB1FB07316B25485EE882EB257C338DE12CB6A
                                                                                                                                                    Function 00433F92 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 258libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExW.KERNEL32(C15BC75B,00000000,00000800), ref: 00433F6E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                    • String ID: u}|
                                                                                                                                                    • API String ID: 1029625771-2851992303
                                                                                                                                                    • Opcode ID: ce68ba67ca8f733b544a0100011ff25e7e27cf4692d08a45cf3ce3330b8fdfd1
                                                                                                                                                    • Instruction ID: f9190f88e36dfb6965098df4861525961f7f17c5ea778a06d28252cdd58d4410
                                                                                                                                                    • Opcode Fuzzy Hash: ce68ba67ca8f733b544a0100011ff25e7e27cf4692d08a45cf3ce3330b8fdfd1
                                                                                                                                                    • Instruction Fuzzy Hash: 42818370104B408AD7B18B358494BE3BBE4BF1A704F44985DE4EF9B282DF39B449CB55
                                                                                                                                                    Function 00433BFE Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 248libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryExW.KERNEL32(C15BC75B,00000000,00000800), ref: 00433F39
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                    • String ID: u}|
                                                                                                                                                    • API String ID: 1029625771-2851992303
                                                                                                                                                    • Opcode ID: 78bc8ec8a3cdcad72556845b164331c21d5f2c6ee381d91a938ff75e3227c4fc
                                                                                                                                                    • Instruction ID: 2bae18b7b44f6fec5e9c5cbfeb64c4ebb28a725739c8ed80fc195fa07bb6389e
                                                                                                                                                    • Opcode Fuzzy Hash: 78bc8ec8a3cdcad72556845b164331c21d5f2c6ee381d91a938ff75e3227c4fc
                                                                                                                                                    • Instruction Fuzzy Hash: 45818070404B808AD7B18F358490BE3BBE4BF1A705F84985DE4EF9B282CF39A549CB55
                                                                                                                                                    Function 0041508C Relevance: 3.4, Strings: 2, Instructions: 940COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: {q$}[A
                                                                                                                                                    • API String ID: 0-1064870701
                                                                                                                                                    • Opcode ID: 2f2515f5c2b7ffa030d83e9c0e28046b561606187bb51ab8c29fd2ab7d8c9eed
                                                                                                                                                    • Instruction ID: 03a1573f7b603ce9b1292b23f8fedd44f9dc0fc8fe92b0099f73fd474fbc992e
                                                                                                                                                    • Opcode Fuzzy Hash: 2f2515f5c2b7ffa030d83e9c0e28046b561606187bb51ab8c29fd2ab7d8c9eed
                                                                                                                                                    • Instruction Fuzzy Hash: F252AE75908780DBD705DF64D880AAFFBE5AFC6348F08492EF48993251E778D884CB5A
                                                                                                                                                    Function 00403780 Relevance: 2.9, Strings: 2, Instructions: 417COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Inf$NaN
                                                                                                                                                    • API String ID: 0-3500518849
                                                                                                                                                    • Opcode ID: 6767733b9d464330a70aefdc8cfb6ac49b1bf2eade0196f6ebfe0eff0bc5d5a4
                                                                                                                                                    • Instruction ID: 5750af31710b7be396716ece945ac45430cfc578f763f0feedc63731ac078348
                                                                                                                                                    • Opcode Fuzzy Hash: 6767733b9d464330a70aefdc8cfb6ac49b1bf2eade0196f6ebfe0eff0bc5d5a4
                                                                                                                                                    • Instruction Fuzzy Hash: B0D1C472A083019BC704DF28C88061BBBE9EBC4755F158A3EF899A73D1E775DD058B86
                                                                                                                                                    Function 004480A0 Relevance: 2.9, Strings: 2, Instructions: 402COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: =:;8$P
                                                                                                                                                    • API String ID: 0-1969647149
                                                                                                                                                    • Opcode ID: 28344b5c60bda21f0bdc4bc70e267d48a748ae1c3a8308a950d15832200931b9
                                                                                                                                                    • Instruction ID: 1e8b8bdf2a542f3e92cbfeb44d373b524065b8f6be8065c92f9e99662059e54e
                                                                                                                                                    • Opcode Fuzzy Hash: 28344b5c60bda21f0bdc4bc70e267d48a748ae1c3a8308a950d15832200931b9
                                                                                                                                                    • Instruction Fuzzy Hash: D5D137729083604FD725CE18989071FB6E1EB85718F15863DE8B6AB380DB79DC06C7C6
                                                                                                                                                    Function 00447820 Relevance: 2.8, Strings: 2, Instructions: 294COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID: =:;8$=:;8
                                                                                                                                                    • API String ID: 2994545307-1685821102
                                                                                                                                                    • Opcode ID: a35135be9c919232384bd6e671b4d0dbb1517dda334c2e6cc566ffdaaec23ecd
                                                                                                                                                    • Instruction ID: a91d2e0b5a23a234b07f9e31dec56dce6f6508cc96fc8eb6b4ab80176d214a42
                                                                                                                                                    • Opcode Fuzzy Hash: a35135be9c919232384bd6e671b4d0dbb1517dda334c2e6cc566ffdaaec23ecd
                                                                                                                                                    • Instruction Fuzzy Hash: 30A1AD71608340ABF720DB15CC80B6BB7E6EB85354F544C2EF98597392E734E942CB9A
                                                                                                                                                    Function 00429140 Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ['e!$hk
                                                                                                                                                    • API String ID: 0-2806763672
                                                                                                                                                    • Opcode ID: 821deb910ea2da8005630f1794a8280b095369fb597dab505a02391f5c0c19bc
                                                                                                                                                    • Instruction ID: c1309e704af3fc6eb13b08a1d19bf67029931396b96b62dd5e576af40f11d1b1
                                                                                                                                                    • Opcode Fuzzy Hash: 821deb910ea2da8005630f1794a8280b095369fb597dab505a02391f5c0c19bc
                                                                                                                                                    • Instruction Fuzzy Hash: 9A5111B450C384AFD300EF15D984A1EBBF8AB96748F94890DF1D59B251C37999088BA7
                                                                                                                                                    Function 00444040 Relevance: 2.6, Strings: 2, Instructions: 136COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+($uxVd
                                                                                                                                                    • API String ID: 0-4108384496
                                                                                                                                                    • Opcode ID: d571fb84001a311b27c760ae5d4fc1bc14b38e726fca36176443eb68829bf1b9
                                                                                                                                                    • Instruction ID: 05da06c2397de99a335579e432a13c5a0717f8861c3235bd1ab541de5fa57fe6
                                                                                                                                                    • Opcode Fuzzy Hash: d571fb84001a311b27c760ae5d4fc1bc14b38e726fca36176443eb68829bf1b9
                                                                                                                                                    • Instruction Fuzzy Hash: E341EF71508204EBEB20DF54DC45B2BBBA6EFD5301F14842EEA8593351D73AEC60DB5A
                                                                                                                                                    Function 00449D20 Relevance: 2.6, Strings: 2, Instructions: 102COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID: =:;8$@
                                                                                                                                                    • API String ID: 2994545307-1758559817
                                                                                                                                                    • Opcode ID: 3708f71c43ed80b5337cd89b4e6d032253459fb3c81ad0b230c899547dae0e26
                                                                                                                                                    • Instruction ID: 7748d085d769de4df17560be8deaa0b9b868d3d977420cebb3d28721fc94e744
                                                                                                                                                    • Opcode Fuzzy Hash: 3708f71c43ed80b5337cd89b4e6d032253459fb3c81ad0b230c899547dae0e26
                                                                                                                                                    • Instruction Fuzzy Hash: 9C319C719083048BD314DF54D881A2BFBF5EF89305F14892DE59897391D379D904CB9A
                                                                                                                                                    Function 00446C5A Relevance: 2.6, Strings: 2, Instructions: 91COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: &I$wq
                                                                                                                                                    • API String ID: 0-356460525
                                                                                                                                                    • Opcode ID: d293ce42fe70478f230bdb60bfccd220a3009f50ea123d14ca5dee4218630023
                                                                                                                                                    • Instruction ID: c606a23a42dd016db69cca957979e520dbc8919df0b1a6e5504e9e4409553baa
                                                                                                                                                    • Opcode Fuzzy Hash: d293ce42fe70478f230bdb60bfccd220a3009f50ea123d14ca5dee4218630023
                                                                                                                                                    • Instruction Fuzzy Hash: D6318D749012458BDF04CF95C5C45AEBB71FB12326B644489D841AF35BC3389A12CB7A
                                                                                                                                                    Function 0042A280 Relevance: 2.6, Strings: 2, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 8:$<>
                                                                                                                                                    • API String ID: 0-2607517028
                                                                                                                                                    • Opcode ID: f191b6225047ce9ac79211f89af6dbe54f23a12f9d7d45ec6ab146bc94458933
                                                                                                                                                    • Instruction ID: 0e3f2d000814e27ebf642ea3fc307db00a563544b109cb512792b31d20cb6d2e
                                                                                                                                                    • Opcode Fuzzy Hash: f191b6225047ce9ac79211f89af6dbe54f23a12f9d7d45ec6ab146bc94458933
                                                                                                                                                    • Instruction Fuzzy Hash: 8C2147785093918AC7308F20E5007ABB7F1FF82745FA4595EE8C89B254EB38C951CB9B
                                                                                                                                                    Function 00405320 Relevance: 1.8, Strings: 1, Instructions: 565COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %1.17g
                                                                                                                                                    • API String ID: 0-1551345525
                                                                                                                                                    • Opcode ID: dd6a7eb2d0d7bbb63a615d1e3754048cbe5650e35b3cbbf375799f2681c3fbff
                                                                                                                                                    • Instruction ID: 9e7591791ad0f454e87cde0222c78f12d4fd32dc9f84a582a68d41016156be40
                                                                                                                                                    • Opcode Fuzzy Hash: dd6a7eb2d0d7bbb63a615d1e3754048cbe5650e35b3cbbf375799f2681c3fbff
                                                                                                                                                    • Instruction Fuzzy Hash: EB1206B5A04B418BD7248E14D480327BBA2EFA1314F19857FD8996B3D1E379DC05CF4A
                                                                                                                                                    Function 00426FF0 Relevance: 1.7, APIs: 1, Instructions: 242comCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoCreateInstance.OLE32(0044CB80,00000000,00000001,0044CB70), ref: 00427019
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 542301482-0
                                                                                                                                                    • Opcode ID: ec27573f70f5e747fdf06321336757e1522e122a1f082b3c8c64d933f0084cb7
                                                                                                                                                    • Instruction ID: 1dd9ba42d1134c331707e76eb789f7df9472961eee14d6a098fc4a49939699d2
                                                                                                                                                    • Opcode Fuzzy Hash: ec27573f70f5e747fdf06321336757e1522e122a1f082b3c8c64d933f0084cb7
                                                                                                                                                    • Instruction Fuzzy Hash: C551E0B17083209BDB209B24EC86B7733B4EF86758F444559F985CB391E379E805C76A
                                                                                                                                                    Function 0042B830 Relevance: 1.7, Strings: 1, Instructions: 457COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+(
                                                                                                                                                    • API String ID: 0-3233224373
                                                                                                                                                    • Opcode ID: 887bcb71e6d876f3e014cf56117bb170a8e51405aadb3a0b295df84bfe238741
                                                                                                                                                    • Instruction ID: f9febf01f33fa36a7d1ddb789204e0492b300cd01202f1c206ecb09263a886c3
                                                                                                                                                    • Opcode Fuzzy Hash: 887bcb71e6d876f3e014cf56117bb170a8e51405aadb3a0b295df84bfe238741
                                                                                                                                                    • Instruction Fuzzy Hash: E7F188B4518344DFE3209F19E841B2BBBF5FB8A705F94882DF58887262D735D814CB9A
                                                                                                                                                    Function 00430590 Relevance: 1.7, Strings: 1, Instructions: 426COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: "
                                                                                                                                                    • API String ID: 0-123907689
                                                                                                                                                    • Opcode ID: 8a10a5681b2d5c1321d14bc6849af6036fd86266613414d189da376854f8adda
                                                                                                                                                    • Instruction ID: a7ce59651d0f1017d8e90d6f75074ff501fb05f5f21ec41f2c7a0edceb7c194d
                                                                                                                                                    • Opcode Fuzzy Hash: 8a10a5681b2d5c1321d14bc6849af6036fd86266613414d189da376854f8adda
                                                                                                                                                    • Instruction Fuzzy Hash: 11D116B2A043045BD724DE25D4A176FB7D5AF98310F19972FE89A87382D73CDC048B96
                                                                                                                                                    Function 0042A3A8 Relevance: 1.7, Strings: 1, Instructions: 413COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 01
                                                                                                                                                    • API String ID: 0-3477152822
                                                                                                                                                    • Opcode ID: 674cb8e8adf0315d6a6fffb6ac0f4a13a69d8baabf21808da83b8701c7c45dbe
                                                                                                                                                    • Instruction ID: 7e134364cd7e184ee4634b8f381546ae3e067e8cf23b76fa9936b622e07eefea
                                                                                                                                                    • Opcode Fuzzy Hash: 674cb8e8adf0315d6a6fffb6ac0f4a13a69d8baabf21808da83b8701c7c45dbe
                                                                                                                                                    • Instruction Fuzzy Hash: 4FD1BD71A083228BC314DF24E58062BB3F2FF85B45F948D1DE8C597251E738D965CB9A
                                                                                                                                                    Function 0042F1B0 Relevance: 1.6, Strings: 1, Instructions: 337COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: c5V3
                                                                                                                                                    • API String ID: 0-2034645838
                                                                                                                                                    • Opcode ID: 41b5bee89015c9d7273252287537bd235302f0ec3de3bbfb0e4c2616ac2d136d
                                                                                                                                                    • Instruction ID: 53da8b907d0e7fd06adce62e70ed86e252d15535f9b3330e2a1b3c94f45f4202
                                                                                                                                                    • Opcode Fuzzy Hash: 41b5bee89015c9d7273252287537bd235302f0ec3de3bbfb0e4c2616ac2d136d
                                                                                                                                                    • Instruction Fuzzy Hash: B5C1A9B0508351EBD310DF25E88062BBBF4EF8A745F940D2DE5D09B262D339D849CB9A
                                                                                                                                                    Function 00433335 Relevance: 1.5, Strings: 1, Instructions: 298COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: *&- $*XJe$53C$:\Bz$JX`b$WXM,$]h>l$avqy$w[Nc
                                                                                                                                                    • API String ID: 0-2470705936
                                                                                                                                                    • Opcode ID: 24524302bc7e1c2d4906d3de34d7e6b3f5bcfbafb4094b9b0bee2a8fe50574e8
                                                                                                                                                    • Instruction ID: 06cb31238f2708f74529d9e64c999bfe1108be11ab1fcac4888e2b6564f48832
                                                                                                                                                    • Opcode Fuzzy Hash: 24524302bc7e1c2d4906d3de34d7e6b3f5bcfbafb4094b9b0bee2a8fe50574e8
                                                                                                                                                    • Instruction Fuzzy Hash: 79A18C70508B908ED7B6CF3984907E3BBE0AF1A705F44985ED4EB87382DB39A549CB54
                                                                                                                                                    Function 004486E0 Relevance: 1.5, Strings: 1, Instructions: 282COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ;:9
                                                                                                                                                    • API String ID: 0-2043501942
                                                                                                                                                    • Opcode ID: d97c8967657955cd276d75c2220febe862feceba931881bd9131a1eb9477a50b
                                                                                                                                                    • Instruction ID: 166ecc30c5c5a5a7167127fa5737624ab005f046829d42ae61d4228b8a6f3c35
                                                                                                                                                    • Opcode Fuzzy Hash: d97c8967657955cd276d75c2220febe862feceba931881bd9131a1eb9477a50b
                                                                                                                                                    • Instruction Fuzzy Hash: 8B91DE35608301CFD704DF68E89462AB3F1FB9931AF1A887DD5C58B262D735E8A0DB85
                                                                                                                                                    Function 0040ABD0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ,
                                                                                                                                                    • API String ID: 0-3772416878
                                                                                                                                                    • Opcode ID: 131505312b1bb27240f6dfea1676a2032a3f3cfce7b42a5a030031ec475c37fa
                                                                                                                                                    • Instruction ID: 0d3a0fd5714317418c3eb196ea8662ca4d558a8104d2ea2566d1d9a8add1c3b8
                                                                                                                                                    • Opcode Fuzzy Hash: 131505312b1bb27240f6dfea1676a2032a3f3cfce7b42a5a030031ec475c37fa
                                                                                                                                                    • Instruction Fuzzy Hash: 23B128711093819FD321CF28C88461BBBE0AFA9704F484A6DE5D997782D635E918CBA7
                                                                                                                                                    Function 00436820 Relevance: 1.5, Strings: 1, Instructions: 246COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: u
                                                                                                                                                    • API String ID: 0-4067256894
                                                                                                                                                    • Opcode ID: 94b029f3c60ce75e62be44490500d877d2167121d91c2291b73e7ba48a2c5e0e
                                                                                                                                                    • Instruction ID: 68ec843625a05ae49eae94000774ad56e911688258ea5f3b4ebefd13b221d55d
                                                                                                                                                    • Opcode Fuzzy Hash: 94b029f3c60ce75e62be44490500d877d2167121d91c2291b73e7ba48a2c5e0e
                                                                                                                                                    • Instruction Fuzzy Hash: E0813B3660A6825BD3186A3C8C5236BBA934FDB334F2ED76FD4F1873E1D56988028355
                                                                                                                                                    Function 00438210 Relevance: 1.5, Strings: 1, Instructions: 211COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 004383AF
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                                    • API String ID: 0-2471034898
                                                                                                                                                    • Opcode ID: f98e4125642b6f7303aa62eec2f0332706fb531fa66a8e9c4ef2ae392f571223
                                                                                                                                                    • Instruction ID: afe642b493d438ff6f411e546c264eb9921c7e99f8502b6c9c7e09c9db7d701f
                                                                                                                                                    • Opcode Fuzzy Hash: f98e4125642b6f7303aa62eec2f0332706fb531fa66a8e9c4ef2ae392f571223
                                                                                                                                                    • Instruction Fuzzy Hash: AB617E37A097A147C7144A3C5C902A6EA421B9B330F3D93BFFCB19B3D1C9598C06439A
                                                                                                                                                    Function 00444C90 Relevance: 1.4, Strings: 1, Instructions: 198COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+(
                                                                                                                                                    • API String ID: 0-3233224373
                                                                                                                                                    • Opcode ID: 07c16a6ef3fe6f820211a56e88c2e791172652be10c3ec7f67f1fdbf28740199
                                                                                                                                                    • Instruction ID: 11df42af5caca9a72f970213e677b6119b7b450c67af953d7501706f7e9fc4bc
                                                                                                                                                    • Opcode Fuzzy Hash: 07c16a6ef3fe6f820211a56e88c2e791172652be10c3ec7f67f1fdbf28740199
                                                                                                                                                    • Instruction Fuzzy Hash: 7261D070A083419BF715DF14C880B2BBBE6FBC5305F28892EE58587392C739E811CB1A
                                                                                                                                                    Function 0043F4E0 Relevance: 1.4, Strings: 1, Instructions: 184COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID: %*+( C
                                                                                                                                                    • API String ID: 2994545307-954077416
                                                                                                                                                    • Opcode ID: be922c0c939adc15175b50bb0660fc841a115826d8249c1c4825361db5d4de66
                                                                                                                                                    • Instruction ID: 7d8234139b4eac5119e5410618e58e09199086dd3060237d38e04b2fd45e5bbf
                                                                                                                                                    • Opcode Fuzzy Hash: be922c0c939adc15175b50bb0660fc841a115826d8249c1c4825361db5d4de66
                                                                                                                                                    • Instruction Fuzzy Hash: A751F774A09300ABD715AF14C990A3FF7E6EB49301F58982DE4C583362D334DC15CB5A
                                                                                                                                                    Function 00447630 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: =:;8
                                                                                                                                                    • API String ID: 0-508151936
                                                                                                                                                    • Opcode ID: 54dd48c072afd03b892454620e1bfa117142463bc0d3358ed4961d22c0e2c537
                                                                                                                                                    • Instruction ID: f53b1cf1d2d43ff6166c1cf3a92ff21f60dfaf417fc550a19b6e158e7f211dc2
                                                                                                                                                    • Opcode Fuzzy Hash: 54dd48c072afd03b892454620e1bfa117142463bc0d3358ed4961d22c0e2c537
                                                                                                                                                    • Instruction Fuzzy Hash: 6551387160C3009BE714AA18CC90B2FB7E2FB85355F688A2DE9D557392D335EC12C75A
                                                                                                                                                    Function 00428472 Relevance: 1.4, Strings: 1, Instructions: 176COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+(
                                                                                                                                                    • API String ID: 0-3233224373
                                                                                                                                                    • Opcode ID: c229e05f35e7c4b4cdeb9b76f30375a976e6b8e08d527192388afd39e4f33a85
                                                                                                                                                    • Instruction ID: 6c7052a7ca44585b34384a6096d7f96d95edd8748b8cce9ea63459a4869a42d4
                                                                                                                                                    • Opcode Fuzzy Hash: c229e05f35e7c4b4cdeb9b76f30375a976e6b8e08d527192388afd39e4f33a85
                                                                                                                                                    • Instruction Fuzzy Hash: 6A51B039A01226CFDB04CF58DC91BADB7B2FF88301F1884B9D905AB282C775E951CB54
                                                                                                                                                    Function 00443B60 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+(
                                                                                                                                                    • API String ID: 0-3233224373
                                                                                                                                                    • Opcode ID: 281d42262116a6846f27f4ac80bfbbe8ec96dc12998bac32fe8126af14675107
                                                                                                                                                    • Instruction ID: f12b6d9916bf27ae298f80edd43f87298b307b2ef20082737f3276c392ad6ab7
                                                                                                                                                    • Opcode Fuzzy Hash: 281d42262116a6846f27f4ac80bfbbe8ec96dc12998bac32fe8126af14675107
                                                                                                                                                    • Instruction Fuzzy Hash: 4A41A1756083409BEB249F15D990A2BB7E5EF85B06F14882EE4C597352C339EE10CB16
                                                                                                                                                    Function 00415E11 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: R_A
                                                                                                                                                    • API String ID: 0-2894140241
                                                                                                                                                    • Opcode ID: 855d8a104527a6a22150e8fec24d1a556a90c03b99cb0bcb1a08bb1d239c8c8d
                                                                                                                                                    • Instruction ID: ec5b3addcea719a6fcf74cd29254c95d7c148a3c106f125ae26d6e5b54084fb4
                                                                                                                                                    • Opcode Fuzzy Hash: 855d8a104527a6a22150e8fec24d1a556a90c03b99cb0bcb1a08bb1d239c8c8d
                                                                                                                                                    • Instruction Fuzzy Hash: 90411676908310DFDB109F20DC417AA77E5AFC6314F04493DF49AA7391E739D945878A
                                                                                                                                                    Function 00449A10 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: =:;8
                                                                                                                                                    • API String ID: 0-508151936
                                                                                                                                                    • Opcode ID: 252199f6b865f99cd35cc75fed087e4e72d4e37f0220f0a6ac4012d7f4c8ead0
                                                                                                                                                    • Instruction ID: 05a97aee27dffb00dbd51095f055f4dfe11aa80a2f7f1c92f31228a217469a40
                                                                                                                                                    • Opcode Fuzzy Hash: 252199f6b865f99cd35cc75fed087e4e72d4e37f0220f0a6ac4012d7f4c8ead0
                                                                                                                                                    • Instruction Fuzzy Hash: 0741AD34608340ABE7149F15ED90B2FB7A6FB85714F24882EF48997352D338EC10EB5A
                                                                                                                                                    Function 00449BA0 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: =:;8
                                                                                                                                                    • API String ID: 0-508151936
                                                                                                                                                    • Opcode ID: 885c6c10047bc4ed0b570366a3fb4b3bebb2772f983fa8e19c40e832167c6665
                                                                                                                                                    • Instruction ID: 759e4d3430cde1113ce86e8a34bb78e59f8996fcf463a934eed28b76126d2c1c
                                                                                                                                                    • Opcode Fuzzy Hash: 885c6c10047bc4ed0b570366a3fb4b3bebb2772f983fa8e19c40e832167c6665
                                                                                                                                                    • Instruction Fuzzy Hash: 5F41AE74608300ABE7149F15D9D0B2BB7E6EB85715F24882DF4899B392D339EC10DB5A
                                                                                                                                                    Function 0041D672 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+(
                                                                                                                                                    • API String ID: 0-3233224373
                                                                                                                                                    • Opcode ID: 733a2dbd1cf4672a115e637de9dafb62a3098bf24dbbcf4e5888588c2816f7c5
                                                                                                                                                    • Instruction ID: d6c46c66ae9e6c5d1d19b663e2ea9136945d175d09991c158c64094f61309ff6
                                                                                                                                                    • Opcode Fuzzy Hash: 733a2dbd1cf4672a115e637de9dafb62a3098bf24dbbcf4e5888588c2816f7c5
                                                                                                                                                    • Instruction Fuzzy Hash: 2041CEB5908340DFE7209F14DC00BABB3E1FB85705F45482EE888D7292E739D8A0CB46
                                                                                                                                                    Function 0041F1D6 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+(
                                                                                                                                                    • API String ID: 0-3233224373
                                                                                                                                                    • Opcode ID: 4ecaa68750894424e067e98bf0d20a1b22babd46e09aa345b509e8e24610b141
                                                                                                                                                    • Instruction ID: a6c9ce00cba962c7c3dada17f7fdb58dfd8cba5fbe56f3e409aa767892d6adfc
                                                                                                                                                    • Opcode Fuzzy Hash: 4ecaa68750894424e067e98bf0d20a1b22babd46e09aa345b509e8e24610b141
                                                                                                                                                    • Instruction Fuzzy Hash: DF21A1756087418FC724DF50D8407ABB3A3FBC5342F998A2DE0889B241EB35E995CB5A
                                                                                                                                                    Function 0041D733 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %*+(
                                                                                                                                                    • API String ID: 0-3233224373
                                                                                                                                                    • Opcode ID: b48c7630343390b3a8e9737404bf7ddddcf45d4d8cc301cdf950801ecadfe327
                                                                                                                                                    • Instruction ID: 467a029f645a2142064093daf3857129aa1f7519d3d2f2b5e9473d916f879c2c
                                                                                                                                                    • Opcode Fuzzy Hash: b48c7630343390b3a8e9737404bf7ddddcf45d4d8cc301cdf950801ecadfe327
                                                                                                                                                    • Instruction Fuzzy Hash: EF115BB49093908BD7208F5494407ABB7E2BB85305F59492EE48DA7281D739D890CB5A
                                                                                                                                                    Function 00416319 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: *:
                                                                                                                                                    • API String ID: 0-3904767845
                                                                                                                                                    • Opcode ID: 317a3e2dbef9a5b92eb774d5d7bc237b065a66ea56b3334d113ad8a41e243999
                                                                                                                                                    • Instruction ID: b7f778086449c3eb0137174c245c1d9e42db36ab03648f51802886adca72a67a
                                                                                                                                                    • Opcode Fuzzy Hash: 317a3e2dbef9a5b92eb774d5d7bc237b065a66ea56b3334d113ad8a41e243999
                                                                                                                                                    • Instruction Fuzzy Hash: 7C0162314083808BD3109B54D455B6BF7F4FF8A308F080A2EE5C9B7292D338D6048B2B
                                                                                                                                                    Function 0040C210 Relevance: .8, Instructions: 831COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 5fd26393617856e3c2acf54515b9dd5ddd27122736f2a2b69c35036bece5926b
                                                                                                                                                    • Instruction ID: 179032f12f22df4b8eb37ecbda361d27a15dad5cbb10d81a9cca6dc2c1375ba5
                                                                                                                                                    • Opcode Fuzzy Hash: 5fd26393617856e3c2acf54515b9dd5ddd27122736f2a2b69c35036bece5926b
                                                                                                                                                    • Instruction Fuzzy Hash: E842D532A04725CBC7249F18D8C026BB3E1FFD4315F158B3ED996A72C1D738A9558B8A
                                                                                                                                                    Function 0040B700 Relevance: .7, Instructions: 670COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8f92698deaff8939c339fccb0f6a3cc66705d472c08b73d3bd7e991e7649a8ee
                                                                                                                                                    • Instruction ID: 2f79066177d34c8e895ea1b2e84f5c690b05b2b1254f0cdf5d6c225214919f47
                                                                                                                                                    • Opcode Fuzzy Hash: 8f92698deaff8939c339fccb0f6a3cc66705d472c08b73d3bd7e991e7649a8ee
                                                                                                                                                    • Instruction Fuzzy Hash: 2F529070A087848FEB358B24C4847A7BBE1EB91314F14493ED5E656BC6C37DA885CB8D
                                                                                                                                                    Function 004073D0 Relevance: .7, Instructions: 657COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 37804d0beffa80cf22a95da8fb3c7ddbc735901a0654d68907e0afcfec5e073f
                                                                                                                                                    • Instruction ID: 7e7a3d20024d16f2f1ec0159e87d0553ddb1ba7e41c287eb9bd16d3c1bf9a147
                                                                                                                                                    • Opcode Fuzzy Hash: 37804d0beffa80cf22a95da8fb3c7ddbc735901a0654d68907e0afcfec5e073f
                                                                                                                                                    • Instruction Fuzzy Hash: 1A52C27190C3458FCB15CF18C0906AABBE1FF89314F18897EE89967381D778E949CB86
                                                                                                                                                    Function 00407DD0 Relevance: .6, Instructions: 592COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 45b6ecd5fba9f7a55768fb7de1a0358b410302586bb6fd790ad3ec88ecfc0687
                                                                                                                                                    • Instruction ID: 38d2d3b7ba493b0d29d8285af648369fe573881a89b1f301cef14c62c1dcf11c
                                                                                                                                                    • Opcode Fuzzy Hash: 45b6ecd5fba9f7a55768fb7de1a0358b410302586bb6fd790ad3ec88ecfc0687
                                                                                                                                                    • Instruction Fuzzy Hash: 84321370914B118FC368CF29C69052ABBF1BF85710B604A2ED6D797B90DB3AB845CB18
                                                                                                                                                    Function 00448BE0 Relevance: .5, Instructions: 541COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8fe54cdf1ecdaec582b565a461110b8162f9ddcb61d1fb0a2152f14216461e9a
                                                                                                                                                    • Instruction ID: a40ff6c43f9f244f78c5a82676b7b6b98954f686d4d278fac8d9b223ff6f4173
                                                                                                                                                    • Opcode Fuzzy Hash: 8fe54cdf1ecdaec582b565a461110b8162f9ddcb61d1fb0a2152f14216461e9a
                                                                                                                                                    • Instruction Fuzzy Hash: C8F1BE3560D340DFD708DF28D89062EB7E2FB8A305F19896DE9898B392C739D854CB56
                                                                                                                                                    Function 0040A680 Relevance: .4, Instructions: 448COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 5399b1bb572af801badaa37716df09e2c6aff5af66002a532ad583c85112ac44
                                                                                                                                                    • Instruction ID: 7990fb29706556707dde4fd5fad898feee0c51d8f3dfd2d56199bf50cbec7d80
                                                                                                                                                    • Opcode Fuzzy Hash: 5399b1bb572af801badaa37716df09e2c6aff5af66002a532ad583c85112ac44
                                                                                                                                                    • Instruction Fuzzy Hash: F4F1D0356083418FC724CF29C88166BFBE2EFD9304F08892EE5D587791E679E854CB96
                                                                                                                                                    Function 00427250 Relevance: .4, Instructions: 431COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 11636e97cc9e1b13f5c9c812d885e02fcaf38fb5c399c1e31036fbb801fa8f76
                                                                                                                                                    • Instruction ID: 0cdddc02200e710996c9f464b2c0e16f8fae38d8edd5e86623daa92770803a83
                                                                                                                                                    • Opcode Fuzzy Hash: 11636e97cc9e1b13f5c9c812d885e02fcaf38fb5c399c1e31036fbb801fa8f76
                                                                                                                                                    • Instruction Fuzzy Hash: 33C1C07160C2209BD711EF15E841A2BB7F1EF96314F48481EF8C59B352E339D954CBAA
                                                                                                                                                    Function 0040CF10 Relevance: .4, Instructions: 388COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 6a16511359572a211e44db4d017724f983ed57499440677c537153cc7e8df251
                                                                                                                                                    • Instruction ID: d1dc7cc3517d3da3b7596efd16a34da9a0b9da04abc1e7c3f9beb679c80cb8db
                                                                                                                                                    • Opcode Fuzzy Hash: 6a16511359572a211e44db4d017724f983ed57499440677c537153cc7e8df251
                                                                                                                                                    • Instruction Fuzzy Hash: B9D11A71E083454BC3148E69D8D025BB7E3EBC1324F19C63EE8A55B3D5D67C9D0A8B86
                                                                                                                                                    Function 00447BE0 Relevance: .3, Instructions: 325COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9f218593850381a6470916a938c8b175638f7679d89ee5ca95996b180ea1f7b8
                                                                                                                                                    • Instruction ID: c9e57fddc4b5059fee863ebfc4717d9e4b53c487b5aa1af8129d73eb291600a5
                                                                                                                                                    • Opcode Fuzzy Hash: 9f218593850381a6470916a938c8b175638f7679d89ee5ca95996b180ea1f7b8
                                                                                                                                                    • Instruction Fuzzy Hash: 46A105B1A0C3505BF7209F29CC84B2BB7E5EF85314F18492EE99897352E739DC068796
                                                                                                                                                    Function 00416866 Relevance: .3, Instructions: 317COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d113d7714e9cf4a71358f343ff61d6d616e238023072c940eb22c9515d8f64a4
                                                                                                                                                    • Instruction ID: 198fbd16f1d85bd402acf33399e9c59ac2efad4e2ff8bddcaaed117cf40b1fea
                                                                                                                                                    • Opcode Fuzzy Hash: d113d7714e9cf4a71358f343ff61d6d616e238023072c940eb22c9515d8f64a4
                                                                                                                                                    • Instruction Fuzzy Hash: 5AB136754183809BD310DB54D880B6FFBE4BF86308F55492EF48997292E779D888CB6B
                                                                                                                                                    Function 0040B270 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c48c829b0cf2cbc4580a6ff7763ab4075973b40cc397e4fccb5515b17566094a
                                                                                                                                                    • Instruction ID: 0234ceb963d8a02704c1e57bcfff9fe46afb523a25e9fe19499d52599f9026f9
                                                                                                                                                    • Opcode Fuzzy Hash: c48c829b0cf2cbc4580a6ff7763ab4075973b40cc397e4fccb5515b17566094a
                                                                                                                                                    • Instruction Fuzzy Hash: CDC14AB29487418FC360CF28DC96BABB7E1EF85318F08492DD1D9D6342E778A155CB4A
                                                                                                                                                    Function 00448F50 Relevance: .3, Instructions: 277COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a94fd9aed8d6464f93a3c7e3c01e75f9f85fb14a496f472ed7380c30d0412349
                                                                                                                                                    • Instruction ID: d1856f2df7b17df036322d035787986b50e5d5ead949585b24561e3f96d87a88
                                                                                                                                                    • Opcode Fuzzy Hash: a94fd9aed8d6464f93a3c7e3c01e75f9f85fb14a496f472ed7380c30d0412349
                                                                                                                                                    • Instruction Fuzzy Hash: 00718C346083409FD704DF28D99062EB7E6EF8A715F08886DE9C98B352D339DC54DB56
                                                                                                                                                    Function 0040937E Relevance: .3, Instructions: 271COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b0ef1785d72f85255e1e48e5b08f02b99cae4b70ce7c4ddbeaeeac40e331766d
                                                                                                                                                    • Instruction ID: da4701f7a8a59232985f5eb7826d161c8a40ede4280be22fc3981c3486a237f8
                                                                                                                                                    • Opcode Fuzzy Hash: b0ef1785d72f85255e1e48e5b08f02b99cae4b70ce7c4ddbeaeeac40e331766d
                                                                                                                                                    • Instruction Fuzzy Hash: AEB1AB79208201CFD708CF25D86076A7BE1FB89355F18897DE84687391D738D986CF85
                                                                                                                                                    Function 004214D3 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 784783a52b8a3d62a329717329e0ca1320d973b9daf5a27f063a18c6152c18b4
                                                                                                                                                    • Instruction ID: af15282fea1b0d4e313f27ad5009ceaba83f809070ec496722640b7832397f3c
                                                                                                                                                    • Opcode Fuzzy Hash: 784783a52b8a3d62a329717329e0ca1320d973b9daf5a27f063a18c6152c18b4
                                                                                                                                                    • Instruction Fuzzy Hash: 29619AB0508350DBD311AF19E891A2BB7F0EFA2745F48495EF4C59B262E33AC911CB5B
                                                                                                                                                    Function 004214EA Relevance: .2, Instructions: 244COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 6d99b82aa8ddc21967d82e361e1d2274e7ac84d13d086154e7058d46dc646937
                                                                                                                                                    • Instruction ID: 7111a839e9d3c91cfaf48d60914ca5a6afb26961dd233a537396bda51b9bc6b6
                                                                                                                                                    • Opcode Fuzzy Hash: 6d99b82aa8ddc21967d82e361e1d2274e7ac84d13d086154e7058d46dc646937
                                                                                                                                                    • Instruction Fuzzy Hash: F461AAB0608350DBC311AF19E891A2BB7F0EFA2755F48495EF4C59B262D33AC911CB5B
                                                                                                                                                    Function 00416574 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e72aa7a498b2b9b2dfecdd60ee23e0f4f9d1c2478f50c3c5e971454d0b5e0c81
                                                                                                                                                    • Instruction ID: ab1f1018790031ee9c7c10a6f7340843e4bf55e4f70f010004c05f7dbce76356
                                                                                                                                                    • Opcode Fuzzy Hash: e72aa7a498b2b9b2dfecdd60ee23e0f4f9d1c2478f50c3c5e971454d0b5e0c81
                                                                                                                                                    • Instruction Fuzzy Hash: F58148755083809BD310DB54D880BAFFBE4AF86308F154D1EE4D897291E7B9D888CB6A
                                                                                                                                                    Function 0042DB4B Relevance: .2, Instructions: 216COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 270b97007977c48ba5376386b21794ec2fcb6a5a0464c1c1fc117d1d76f24f76
                                                                                                                                                    • Instruction ID: 673c6b3bbbd53f9c22ccfe51b5a6f695aa7f56030b97dac0bd30af74e8f096ee
                                                                                                                                                    • Opcode Fuzzy Hash: 270b97007977c48ba5376386b21794ec2fcb6a5a0464c1c1fc117d1d76f24f76
                                                                                                                                                    • Instruction Fuzzy Hash: AD5119B3F047194FD714DE29DC9022AF7D2ABC4210F5A863DD9699B382EA78EC0587C1
                                                                                                                                                    Function 004365E0 Relevance: .2, Instructions: 194COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ab142ebe5769f5d5514a8bc349562a83129f8e9972c3143ae3e22d1548ba5ff3
                                                                                                                                                    • Instruction ID: b52e754ff7f7bdcd96bdcc20424ae0671895b43bfbd965ceef7946b1b7f15a2a
                                                                                                                                                    • Opcode Fuzzy Hash: ab142ebe5769f5d5514a8bc349562a83129f8e9972c3143ae3e22d1548ba5ff3
                                                                                                                                                    • Instruction Fuzzy Hash: D4516C2620E58257D7289A3C4C623B96A834FDB374F3ED72FD5B2873D1C61D4402431A
                                                                                                                                                    Function 0043EC60 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d531771b5ac3b43f583770d02df8f3e1e7f618f6241c98f58e7b1b724ce75ce4
                                                                                                                                                    • Instruction ID: 855ce3d2ff55087a3fe446360c4d7d2d80b6ecc8f2b3d94c0b0b5af49f22110f
                                                                                                                                                    • Opcode Fuzzy Hash: d531771b5ac3b43f583770d02df8f3e1e7f618f6241c98f58e7b1b724ce75ce4
                                                                                                                                                    • Instruction Fuzzy Hash: 8E515CB15087548FE314DF29D49535BBBE1BBC8318F044E2EE4E987391E379DA088B86
                                                                                                                                                    Function 00406E30 Relevance: .2, Instructions: 174COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0173b49a01aa6f585f93fec65d7f76c73ce0402e069515b85d07bbe0d6abbdfc
                                                                                                                                                    • Instruction ID: 3141c5b1859c4b1ed9a37be143eb06df05074a468c29e561fd46d3f232faac6f
                                                                                                                                                    • Opcode Fuzzy Hash: 0173b49a01aa6f585f93fec65d7f76c73ce0402e069515b85d07bbe0d6abbdfc
                                                                                                                                                    • Instruction Fuzzy Hash: 6A41E922B0C2764BC7149A7DCC5027ABAD64FC5214F1E837AE8CAEB7C6E5789C1053D9
                                                                                                                                                    Function 004210D0 Relevance: .2, Instructions: 172COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c978601841f293907c565e382e04f250fbca0c5c93ea7255ffc38724c8199d3e
                                                                                                                                                    • Instruction ID: 5ce560d5a09dffc801b9713141ef514529169b63506e356245f8ffced50adb6c
                                                                                                                                                    • Opcode Fuzzy Hash: c978601841f293907c565e382e04f250fbca0c5c93ea7255ffc38724c8199d3e
                                                                                                                                                    • Instruction Fuzzy Hash: 9C418B70508350CBD310DF18D49192BB7F0FFA6398F548A4DE9959B3A1E779D900CBAA
                                                                                                                                                    Function 00405C00 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f4845bcb268fc2781b429f43bf46a0691f6b833da9af978e253253a235040799
                                                                                                                                                    • Instruction ID: b2cf4deca0400fd5fea032b1cbf3451fc825e2a6972d5773cf43d1f0e4f9a6e1
                                                                                                                                                    • Opcode Fuzzy Hash: f4845bcb268fc2781b429f43bf46a0691f6b833da9af978e253253a235040799
                                                                                                                                                    • Instruction Fuzzy Hash: E651F474A047019FC714EF14C884927B7A1FF85364F19867EE895AB392D634EC82CF9A
                                                                                                                                                    Function 00414294 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 97271d1b3f9190eeeb81f7ee7b3d25e7ad10b551802a9f6f7667fd231b71bad1
                                                                                                                                                    • Instruction ID: 1fa9bda1476f87c2b7c2d742166c8c66e8e3bde244159149de2697868e56f644
                                                                                                                                                    • Opcode Fuzzy Hash: 97271d1b3f9190eeeb81f7ee7b3d25e7ad10b551802a9f6f7667fd231b71bad1
                                                                                                                                                    • Instruction Fuzzy Hash: 734159B4519340AFD340AB54E895B2FFBF8AF86304F84982EF89493262D378D4448B5B
                                                                                                                                                    Function 00411B50 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 3796caac5fdd386676789e274ac0dc37df04228f9ce286bec626a323ee5dadd6
                                                                                                                                                    • Instruction ID: d2e36970f1c892e70df14f182262214d86bd21f705211d9b07ff0bfecf973f0c
                                                                                                                                                    • Opcode Fuzzy Hash: 3796caac5fdd386676789e274ac0dc37df04228f9ce286bec626a323ee5dadd6
                                                                                                                                                    • Instruction Fuzzy Hash: 514148767183A50BD31C8E398C9027ABAD19BC5210F1C873EF5A9C73E1E278C9469755
                                                                                                                                                    Function 0043F3F0 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: eacd6d1bf5d751a5555680712c2f55212fa993ee3a8942bad22234f372755002
                                                                                                                                                    • Instruction ID: 06d10a4b4de30274cb44548cded22ac272b0d694c1138d0b659082ff5fb3f4d6
                                                                                                                                                    • Opcode Fuzzy Hash: eacd6d1bf5d751a5555680712c2f55212fa993ee3a8942bad22234f372755002
                                                                                                                                                    • Instruction Fuzzy Hash: 2421DA32D0812447C724DB5D8481437F7E8EBAE709F46A63FD98497354E3399C1487E5
                                                                                                                                                    Function 00404B50 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a1df307a01abbd9b5bc72b41129330a4f31f536fd3ccda6bd26083d42a983f49
                                                                                                                                                    • Instruction ID: a5158b58b2244923fb86fafe67f782213786cc440b683b09a74ffbffb31bf152
                                                                                                                                                    • Opcode Fuzzy Hash: a1df307a01abbd9b5bc72b41129330a4f31f536fd3ccda6bd26083d42a983f49
                                                                                                                                                    • Instruction Fuzzy Hash: 033186B16042009BD7149E19C880B27B7F5EBC4358F14497EE995A73C1D239ED52CB8A
                                                                                                                                                    Function 0041FBB1 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 70600c00407f57af6e7643053d55f44008fab0a7a73b61f8498b268a0a0cf229
                                                                                                                                                    • Instruction ID: 91403ada59c80af92606582a27bfd04c79c960a9323eabaa12cec6cf06ffbbe3
                                                                                                                                                    • Opcode Fuzzy Hash: 70600c00407f57af6e7643053d55f44008fab0a7a73b61f8498b268a0a0cf229
                                                                                                                                                    • Instruction Fuzzy Hash: 24210531408340CBD720CF94C451BABB7F0FF96754F04892EE8899B391E3788949DBAA
                                                                                                                                                    Function 00407020 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4aeaf61510b2e2fb7d1f4a18c956008caba3bd124f0fc2ccdfa8a74b8507fd34
                                                                                                                                                    • Instruction ID: 6e7d0bf59782c8caebc80d2b72e0ad35498567dc67d674abe8dec8484ce65258
                                                                                                                                                    • Opcode Fuzzy Hash: 4aeaf61510b2e2fb7d1f4a18c956008caba3bd124f0fc2ccdfa8a74b8507fd34
                                                                                                                                                    • Instruction Fuzzy Hash: EC11D337B186214BE758CF62D8E053B6352EB8A21170A423EDA47A73C2CE35F801D296
                                                                                                                                                    Function 0043B9F0 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                    • Instruction ID: c5baf626a9f3c5b1a7c090f6d1c513c9a0ee97e091346a677967a88c05ec2ffc
                                                                                                                                                    • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                    • Instruction Fuzzy Hash: 91115933A085D40EC3129D3C8400765BFA34A97234F28939AF4B99B3D2C7268D8B9398
                                                                                                                                                    Function 004300B0 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 78472cdc561be1de6c15c3ac03a752c4fe24ca9b76bcca51e62a2e1d5f513d67
                                                                                                                                                    • Instruction ID: 53c5724289730483ebc0c5bc93c1b4bf7b37334cb8c9fa6a51b5d5afab51a243
                                                                                                                                                    • Opcode Fuzzy Hash: 78472cdc561be1de6c15c3ac03a752c4fe24ca9b76bcca51e62a2e1d5f513d67
                                                                                                                                                    • Instruction Fuzzy Hash: D401B5F160030147EB24AF15E5E172BB2B85F48B08F08563ED80967342DB7EEC05D2A9
                                                                                                                                                    Function 0040F917 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c1bcba0e93c530db99497d0dd31ec127801fcab15647f511495840a2536ecd7a
                                                                                                                                                    • Instruction ID: 2a81a8060df05c4008c8e77e79816bfc4091818ee5787bfc9394ef3a1bc5ed3c
                                                                                                                                                    • Opcode Fuzzy Hash: c1bcba0e93c530db99497d0dd31ec127801fcab15647f511495840a2536ecd7a
                                                                                                                                                    • Instruction Fuzzy Hash: 2511C471B16151DBEB258B299C50B7AB7B2BB87200F1C41BAD486F37D1D2388D4ACF18
                                                                                                                                                    Function 004432E0 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c35ebd33b0a868ece5fa81ca9ba613642357e870ac6f59d1c087c9d52aadc636
                                                                                                                                                    • Instruction ID: 7d8a3e583e3a390d0d73e3dbf99091ecfc1539457756a91f7df3a6d319445fe4
                                                                                                                                                    • Opcode Fuzzy Hash: c35ebd33b0a868ece5fa81ca9ba613642357e870ac6f59d1c087c9d52aadc636
                                                                                                                                                    • Instruction Fuzzy Hash: 15014F72A295214B8B4CDD3D9C2116BBBD19B89730F1A8B3DBDFAD72E0D234C8454685
                                                                                                                                                    Function 0042DA0A Relevance: .0, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a961ee417b28871150b9e187044014ce4bd566ab8900ee7e0e85f2a66936b54c
                                                                                                                                                    • Instruction ID: 2b9d54a66263602e410f43730ca31820d9c094fe8c03107b6883f3cc5ab60285
                                                                                                                                                    • Opcode Fuzzy Hash: a961ee417b28871150b9e187044014ce4bd566ab8900ee7e0e85f2a66936b54c
                                                                                                                                                    • Instruction Fuzzy Hash: 5A013570A0C3108BD7049F16E940A2AF7F2FB8A709F545A6AE4C9A3311D334ED01CB4A
                                                                                                                                                    Function 0044518B Relevance: .0, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: fc43853c1bb009c1c5ba99451afc509ed8dc5713007873379a3f344642e5803e
                                                                                                                                                    • Instruction ID: bda9b97f036035324769e7dd4b14887e049c85eb035dd92431c513c92175563b
                                                                                                                                                    • Opcode Fuzzy Hash: fc43853c1bb009c1c5ba99451afc509ed8dc5713007873379a3f344642e5803e
                                                                                                                                                    • Instruction Fuzzy Hash: 9B01C0B09102418FEF00DFA8D98062F7BB1AB06305F584458D846BF347D334DA15CBBA
                                                                                                                                                    Function 004221A0 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1aee55f74cf63f0bcf27f2a94c64ef40f74351bc2f3e3d73a2157603e7e4e9e0
                                                                                                                                                    • Instruction ID: 83bc2a0f4c6610ad6eb8d3716051e8fa586fbabdba77dfa71d291bffbc2af4af
                                                                                                                                                    • Opcode Fuzzy Hash: 1aee55f74cf63f0bcf27f2a94c64ef40f74351bc2f3e3d73a2157603e7e4e9e0
                                                                                                                                                    • Instruction Fuzzy Hash: 42014B72A195210B8748DE3C992212BBEE15B85330F168B2EBCFAD73E0D628CD144696
                                                                                                                                                    Function 00437557 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b1dc1e08b16fd630728bc2975af4581e433f40acbf6d4bba23a0daa4976a0907
                                                                                                                                                    • Instruction ID: 29d1843231586ffc13bd66906b31da83c21bf2e90f2034cb1871587f6d3e83ef
                                                                                                                                                    • Opcode Fuzzy Hash: b1dc1e08b16fd630728bc2975af4581e433f40acbf6d4bba23a0daa4976a0907
                                                                                                                                                    • Instruction Fuzzy Hash: B9F014F09142006EE704BA3CCE4AB377AECEB45218F00464CFCA9D72C5E37068188BE6
                                                                                                                                                    Function 0041B000 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 87b609d3f0c2804ff5dd618c8a20769add822df850d467d4e998f7a2218d14df
                                                                                                                                                    • Instruction ID: 0639dadb1130b3f9d39aa2721587f05209e2ba5714bb3806ceb2dc41eb5cf330
                                                                                                                                                    • Opcode Fuzzy Hash: 87b609d3f0c2804ff5dd618c8a20769add822df850d467d4e998f7a2218d14df
                                                                                                                                                    • Instruction Fuzzy Hash: F3F0ECB170421057DB32CA55ECD0FB7BF9CCB8F354F191456E84557203E2695884C3E9
                                                                                                                                                    Function 004416A0 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                    • Instruction ID: f2014a84591d8b1651eb51c9cf32dc204f6f011b2e75e78e2ce1e1e92b8acb02
                                                                                                                                                    • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                    • Instruction Fuzzy Hash: 37D05B21508261476B64CD199400977F7F0EA87711B49555FF581D3258D634DC41C1AD
                                                                                                                                                    Function 0042A8A0 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 75bf4765cd6369d1d929975b4d005ae94e359678522ed3bc452efbf5d0c47e48
                                                                                                                                                    • Instruction ID: d7331c652808e980a9ab1d83da08e8e6816827808003e54eab1ea1083092252d
                                                                                                                                                    • Opcode Fuzzy Hash: 75bf4765cd6369d1d929975b4d005ae94e359678522ed3bc452efbf5d0c47e48
                                                                                                                                                    • Instruction Fuzzy Hash: 90B002749482C0DBD504CF45D550575F375A74B615F14781CD146B7552D660E450C61D
                                                                                                                                                    Function 0041FB73 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f8ce62699d77cf6fc485452aab23bc0d2f06dc97fb250f0cdf8bb77fec48897e
                                                                                                                                                    • Instruction ID: 10fcdf0d7778afe5cfa01efcbfe7145de207d28205f498bccebed74cc4f07649
                                                                                                                                                    • Opcode Fuzzy Hash: f8ce62699d77cf6fc485452aab23bc0d2f06dc97fb250f0cdf8bb77fec48897e
                                                                                                                                                    • Instruction Fuzzy Hash: 56A001A9D49201C6E9006F21AC8647AA13C561B60AF047575990B32153A539D119955E
                                                                                                                                                    Function 00437E6C Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 95COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitVariant
                                                                                                                                                    • String ID: h$o$p$u$w$x$|
                                                                                                                                                    • API String ID: 1927566239-4240480344
                                                                                                                                                    • Opcode ID: cde7acc4cee73d9f3ad6b51b58eba3b6d1e0ed05a24c7d8988c59abd281807a9
                                                                                                                                                    • Instruction ID: 9d6958b47ad856ebde4cbe1dfb74169830e054e6d7501ee8f713b10cbfeadee3
                                                                                                                                                    • Opcode Fuzzy Hash: cde7acc4cee73d9f3ad6b51b58eba3b6d1e0ed05a24c7d8988c59abd281807a9
                                                                                                                                                    • Instruction Fuzzy Hash: F941F3705087818ED726CF2CC59871ABFE1AB56324F08869CD8EA4F397C779E415CB62
                                                                                                                                                    Function 0043760A Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 81COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitVariant
                                                                                                                                                    • String ID: h$o$p$u$w$x$|
                                                                                                                                                    • API String ID: 1927566239-4240480344
                                                                                                                                                    • Opcode ID: b92fb920b183803341b6a49ae8c15ec2c06aa1b04362e43098b3f3f3dc9228c7
                                                                                                                                                    • Instruction ID: aae88484b20a0b16339dad471568bb0d05582c718af79cc38c7e699e218f90ee
                                                                                                                                                    • Opcode Fuzzy Hash: b92fb920b183803341b6a49ae8c15ec2c06aa1b04362e43098b3f3f3dc9228c7
                                                                                                                                                    • Instruction Fuzzy Hash: DC41D4604087C18ED721DF2CC49870ABFE16B56224F088A9DD8EA4F3EBC775E515CB62
                                                                                                                                                    Function 00428CF6 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 316COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1745014372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_400000_aspnet_regiis.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DrivesLogical
                                                                                                                                                    • String ID: E)C$ ])[$9A,_$M5M3$ke${u
                                                                                                                                                    • API String ID: 999431828-2464183539
                                                                                                                                                    • Opcode ID: 8e946b173a2b0638e8986dccd9bdd53224a04dabdfdf3614ca645997601eb116
                                                                                                                                                    • Instruction ID: 521e53e9a01874bd80e11f3ac1d6111864371d013e5fd0349dafb285c374cbb8
                                                                                                                                                    • Opcode Fuzzy Hash: 8e946b173a2b0638e8986dccd9bdd53224a04dabdfdf3614ca645997601eb116
                                                                                                                                                    • Instruction Fuzzy Hash: D6C1BAB490121ADFCB00CF55E8816AEBB70FF05309F60455DE415AB792D33AE962CFA9